0: kd> !process 0 ff **** NT ACTIVE PROCESS DUMP **** PROCESS fffffa800182e480 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000 DirBase: 00187000 ObjectTable: fffff8a000003000 HandleCount: Image: System VadRoot fffffa80026a92b0 Vads 16 Clone 0 Private 21. Modified 60513. Locked 64. DeviceMap fffff8a00000c340 Token fffff8a0000055e0 ElapsedTime 2 Days 20:12:15.491 UserTime 00:00:00.000 KernelTime 00:00:10.030 QuotaPoolUsage[PagedPool] 0 QuotaPoolUsage[NonPagedPool] 0 Working Set Sizes (now,min,max) (224, 50, 450) (896KB, 200KB, 1800KB) PeakWorkingSetSize 1739 VirtualSize 5 Mb PeakVirtualSize 12 Mb PageFaultCount 41953 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 31 Setting context for this process... .process /p /r fffffa800182e480 !peb PEB NULL... THREAD fffffa8001818040 Cid 0004.0008 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d542e0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 23943 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:08.502 Win32 Start Address nt!Phase1Initialization (0xfffff802b3f85f70) Stack Init fffff880009a9dd0 Current fffff880009a9970 Base fffff880009aa000 Limit fffff880009a4000 Call 0 Priority 0 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800184e380 Cid 0004.000c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d1ff20 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 38 Ticks: 15741090 (2:20:12:42.577) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!PopIrpWorkerControl (0xfffff802b3bc4b30) Stack Init fffff880009d0dd0 Current fffff880009d0a40 Base fffff880009d1000 Limit fffff880009cb000 Call 0 Priority 15 BasePriority 13 UnusualBoost 2 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80017f4040 Cid 0004.0010 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d20520 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739995 Ticks: 1133 (0:00:00:17.674) Context Switch Count 535 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!PopIrpWorker (0xfffff802b3ba46d8) Stack Init fffff880009d7dd0 Current fffff880009d79d0 Base fffff880009d8000 Limit fffff880009d2000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800183a940 Cid 0004.0014 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d20520 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740171 Ticks: 957 (0:00:00:14.929) Context Switch Count 119 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!PopIrpWorker (0xfffff802b3ba46d8) Stack Init fffff880009dedd0 Current fffff880009de9d0 Base fffff880009df000 Limit fffff880009d9000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018094c0 Cid 0004.0018 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffffa8001835788 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15679017 Ticks: 62111 (0:00:16:08.937) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!PopFxEmergencyWorker (0xfffff802b3bb507c) Stack Init fffff880009e5dd0 Current fffff880009e5a20 Base fffff880009e6000 Limit fffff880009e0000 Call 0 Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001823980 Cid 0004.001c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88000faace0 SynchronizationTimer fffff802b3d0d2f0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15718535 Ticks: 22593 (0:00:05:52.453) Context Switch Count 67 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address nt!ExpWorkerThreadBalanceManager (0xfffff802b3e1bfe8) Stack Init fffff88000faadd0 Current fffff88000faa9a0 Base fffff88000fab000 Limit fffff88000fa5000 Call 0 Priority 15 BasePriority 12 UnusualBoost 3 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001806a80 Cid 0004.002c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015) Context Switch Count 20016 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.780 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88000fc6dd0 Current fffff88000fc69d0 Base fffff88000fc7000 Limit fffff88000fc1000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001806400 Cid 0004.0030 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740018 Ticks: 1110 (0:00:00:17.316) Context Switch Count 30328 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:01.279 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88000fcddd0 Current fffff88000fcd9d0 Base fffff88000fce000 Limit fffff88000fc8000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018457c0 Cid 0004.004c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable fffff802b3d84180 Gate Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740322 Ticks: 806 (0:00:00:12.573) Context Switch Count 134 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!KiExecuteDpc (0xfffff802b3ae55d4) Stack Init fffff88000ffedd0 Current fffff88000ffe950 Base fffff88000fff000 Limit fffff88000ff9000 Call 0 Priority 31 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800181c040 Cid 0004.0054 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable fffff880009eb180 Gate Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740322 Ticks: 806 (0:00:00:12.573) Context Switch Count 135 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!KiExecuteDpc (0xfffff802b3ae55d4) Stack Init fffff88002f0fdd0 Current fffff88002f0f950 Base fffff88002f10000 Limit fffff88002f0a000 Call 0 Priority 31 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001802b00 Cid 0004.0060 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrVirtualMemory) UserMode Non-Alertable fffff802b3d53f80 NotificationEvent fffff802b3d540c0 Semaphore Limit 0x7fffffff fffff802b3d53f40 NotificationEvent fffff802b3d54020 NotificationEvent fffff802b3d527a0 NotificationEvent fffff802b3d527c0 SynchronizationEvent fffff802b3d53ee0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736321 Ticks: 4807 (0:00:01:14.989) Context Switch Count 1760 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.093 Win32 Start Address nt!MiDereferenceSegmentThread (0xfffff802b3ac194c) Stack Init fffff88002f24dd0 Current fffff88002f249d0 Base fffff88002f25000 Limit fffff88002f1f000 Call 0 Priority 19 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018177c0 Cid 0004.0064 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d276a0 Gate Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15732487 Ticks: 8641 (0:00:02:14.800) Context Switch Count 866 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.093 Win32 Start Address nt!MiModifiedPageWriter (0xfffff802b3baa478) Stack Init fffff88002f2bdd0 Current fffff88002f2ba40 Base fffff88002f2c000 Limit fffff88002f26000 Call 0 Priority 18 BasePriority 18 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001833040 Cid 0004.0068 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d5ad80 SynchronizationEvent fffff802b3d52f60 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741071 Ticks: 57 (0:00:00:00.889) Context Switch Count 3280 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.156 Win32 Start Address nt!KeBalanceSetManager (0xfffff802b3b36620) Stack Init fffff88002f32dd0 Current fffff88002f329f0 Base fffff88002f33000 Limit fffff88002f2d000 Call 0 Priority 17 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001823040 Cid 0004.006c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d53aa0 SynchronizationEvent fffff802b3d53ab8 SynchronizationEvent fffff802b3d53ad0 SynchronizationEvent fffff802b3d53ae8 SynchronizationEvent fffff802b3d53b00 SynchronizationEvent fffff802b3d53b18 SynchronizationEvent fffff802b3d53b30 SynchronizationEvent fffff802b3d53b48 SynchronizationEvent fffff802b3d53b60 SynchronizationEvent fffff802b3d53b78 SynchronizationEvent fffff802b3d53b90 SynchronizationEvent fffff802b3d53ba8 SynchronizationEvent fffff802b3d53bc0 SynchronizationEvent fffff802b3d53bd8 SynchronizationEvent fffff802b3d53bf0 SynchronizationEvent fffff802b3d53c08 SynchronizationEvent fffff802b3d53c20 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741060 Ticks: 68 (0:00:00:01.060) Context Switch Count 16742 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!MiMappedPageWriter (0xfffff802b3b6f140) Stack Init fffff88002f39dd0 Current fffff88002f39970 Base fffff88002f3a000 Limit fffff88002f34000 Call 0 Priority 18 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001810b00 Cid 0004.0070 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d5ad40 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741071 Ticks: 57 (0:00:00:00.889) Context Switch Count 9193 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address nt!KeSwapProcessOrStack (0xfffff802b3aec50c) Stack Init fffff88002f40dd0 Current fffff88002f40a20 Base fffff88002f41000 Limit fffff88002f3b000 Call 0 Priority 23 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001803040 Cid 0004.007c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d6fd60 SynchronizationEvent fffff802b3d6fd80 SynchronizationEvent fffff802b3d6fda0 SynchronizationEvent fffff802b3d6fdc0 SynchronizationEvent fffff802b3d6fde0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741056 Ticks: 72 (0:00:00:01.123) Context Switch Count 1706 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!CcQueueLazyWriteScanThread (0xfffff802b3b893d8) Stack Init fffff88002f55dd0 Current fffff88002f559e0 Base fffff88002f56000 Limit fffff88002f50000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001800040 Cid 0004.0080 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d6e020 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 46 Ticks: 15741082 (2:20:12:42.453) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!FsRtlWorkerThread (0xfffff802b3bc4778) Stack Init fffff88002f61dd0 Current fffff88002f61a20 Base fffff88002f62000 Limit fffff88002f5c000 Call 0 Priority 16 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800182b800 Cid 0004.0084 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d6e060 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 46 Ticks: 15741082 (2:20:12:42.453) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!FsRtlWorkerThread (0xfffff802b3bc4778) Stack Init fffff88002f68dd0 Current fffff88002f68a20 Base fffff88002f69000 Limit fffff88002f63000 Call 0 Priority 17 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001825b00 Cid 0004.0088 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001807230 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 65 Ticks: 15741063 (2:20:12:42.156) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002f8fdd0 Current fffff88002f8f950 Base fffff88002f90000 Limit fffff88002f8a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800183a040 Cid 0004.008c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001818e30 SynchronizationEvent fffffa8001818e48 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739548 Ticks: 1580 (0:00:00:24.648) Context Switch Count 403 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002f96dd0 Current fffff88002f969e0 Base fffff88002f97000 Limit fffff88002f91000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001839b00 Cid 0004.0090 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001802230 SynchronizationEvent fffffa8001802248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15737922 Ticks: 3206 (0:00:00:50.013) Context Switch Count 207 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002f9ddd0 Current fffff88002f9d9e0 Base fffff88002f9e000 Limit fffff88002f98000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001903b00 Cid 0004.0094 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001903230 SynchronizationEvent fffffa8001903248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15727283 Ticks: 13845 (0:00:03:35.983) Context Switch Count 60 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002fa4dd0 Current fffff88002fa49e0 Base fffff88002fa5000 Limit fffff88002f9f000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001902040 Cid 0004.0098 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80019038f0 SynchronizationEvent fffffa8001903908 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739331 Ticks: 1797 (0:00:00:28.033) Context Switch Count 119 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002fabdd0 Current fffff88002fab9e0 Base fffff88002fac000 Limit fffff88002fa6000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800196fb00 Cid 0004.00a4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001970230 SynchronizationEvent fffffa8001970248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736073 Ticks: 5055 (0:00:01:18.858) Context Switch Count 506 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002fc0dd0 Current fffff88002fc09e0 Base fffff88002fc1000 Limit fffff88002fbb000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800196d040 Cid 0004.00a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800196e4b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15712882 Ticks: 28246 (0:00:07:20.640) Context Switch Count 130 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002fc7dd0 Current fffff88002fc7950 Base fffff88002fc8000 Limit fffff88002fc2000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001810040 Cid 0004.00b0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d5fec0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0) Stack Init fffff88002fd5dd0 Current fffff88002fd5a20 Base fffff88002fd6000 Limit fffff88002fd0000 Call 0 Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80017ff800 Cid 0004.00b4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d5fec0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0) Stack Init fffff88002fdcdd0 Current fffff88002fdca20 Base fffff88002fdd000 Limit fffff88002fd7000 Call 0 Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80017fe040 Cid 0004.00b8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d5fec0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0) Stack Init fffff88002fe3dd0 Current fffff88002fe3a20 Base fffff88002fe4000 Limit fffff88002fde000 Call 0 Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80017feb00 Cid 0004.00bc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d5fec0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0) Stack Init fffff88002feadd0 Current fffff88002feaa20 Base fffff88002feb000 Limit fffff88002fe5000 Call 0 Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001904300 Cid 0004.00c0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88001040bc0 NotificationEvent fffff88001040c00 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740203 Ticks: 925 (0:00:00:14.430) Context Switch Count 2107 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ACPI!ACPIWorkerThread (0xfffff88001006874) Stack Init fffff88002ff1dd0 Current fffff88002ff1a00 Base fffff88002ff2000 Limit fffff88002fec000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80019a8b00 Cid 0004.00c8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80019a84e0 SynchronizationEvent fffffa80019a84f8 SynchronizationEvent fffffa80019a8510 SynchronizationEvent fffffa80019a8528 SynchronizationEvent fffffa80019a8540 SynchronizationEvent fffffa80019a8558 SynchronizationEvent fffffa80019a8570 SynchronizationEvent fffffa80019a8588 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15678945 Ticks: 62183 (0:00:16:10.061) Context Switch Count 22 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pci!RootPmeEventDispatcher (0xfffff8800119ef34) Stack Init fffff88003019dd0 Current fffff88003019810 Base fffff8800301a000 Limit fffff88003014000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80019a7040 Cid 0004.00cc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001857698 SynchronizationEvent fffffa8001857680 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15678905 Ticks: 62223 (0:00:16:10.685) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ACPI!PciRootBusBiosMethodDispatcherOnResume (0xfffff8800100d654) Stack Init fffff88003020dd0 Current fffff88003020a00 Base fffff88003021000 Limit fffff8800301b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80024f7b00 Cid 0004.00d0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001a01770 NotificationEvent fffffa8001a01788 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 8583 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.109 Win32 Start Address WdFilter!MpAsyncpWorkerThread (0xfffff8800158e360) Stack Init fffff880030a8dd0 Current fffff880030a89d0 Base fffff880030a9000 Limit fffff880030a3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80024fd040 Cid 0004.00d4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88001ce4ba0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15734738 Ticks: 6390 (0:00:01:39.684) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ndis!ndisThreadPoolTimerHandler (0xfffff88001c843e8) Stack Init fffff880030d9dd0 Current fffff880030d9a40 Base fffff880030da000 Limit fffff880030d4000 Call 0 Priority 15 BasePriority 7 UnusualBoost 8 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80024fdb00 Cid 0004.00d8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff88001ce4b40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 96856 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.187 Win32 Start Address ndis!ndisWorkerThread (0xfffff88001c74b00) Stack Init fffff880030e0dd0 Current fffff880030e09f0 Base fffff880030e1000 Limit fffff880030db000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002651b00 Cid 0004.00ec Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea1c0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736316 Ticks: 4812 (0:00:01:15.067) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff88002f4edd0 Current fffff88002f4ea40 Base fffff88002f4f000 Limit fffff88002f49000 Call 0 Priority 20 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 3 PagePriority 5 THREAD fffffa8002650040 Cid 0004.00f0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea1e0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739296 Ticks: 1832 (0:00:00:28.579) Context Switch Count 1317 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031a9dd0 Current fffff880031a9a40 Base fffff880031aa000 Limit fffff880031a4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002650b00 Cid 0004.00f4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea200 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739296 Ticks: 1832 (0:00:00:28.579) Context Switch Count 2841 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.234 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031b0dd0 Current fffff880031b0a40 Base fffff880031b1000 Limit fffff880031ab000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80026505c0 Cid 0004.00f8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea220 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 704 Ticks: 15740424 (2:20:12:32.188) Context Switch Count 276 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031b7dd0 Current fffff880031b7a40 Base fffff880031b8000 Limit fffff880031b2000 Call 0 Priority 20 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 3 PagePriority 5 THREAD fffffa800264f040 Cid 0004.00fc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea240 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031bedd0 Current fffff880031bea40 Base fffff880031bf000 Limit fffff880031b9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800264fb00 Cid 0004.0100 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea260 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031c5dd0 Current fffff880031c5a40 Base fffff880031c6000 Limit fffff880031c0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800264e040 Cid 0004.0104 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea280 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031ccdd0 Current fffff880031cca40 Base fffff880031cd000 Limit fffff880031c7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800264eb00 Cid 0004.0108 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea2a0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031d3dd0 Current fffff880031d3a40 Base fffff880031d4000 Limit fffff880031ce000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800264e5c0 Cid 0004.010c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea2c0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031dadd0 Current fffff880031daa40 Base fffff880031db000 Limit fffff880031d5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002c6cb00 Cid 0004.0114 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88003574520 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 14317 Ticks: 15726811 (2:20:08:59.823) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address watchdog!SMgrGdiCalloutThread (0xfffff8800356eddc) Stack Init fffff880031f7dd0 Current fffff880031f7a40 Base fffff880031f8000 Limit fffff880031f2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002daab00 Cid 0004.0118 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002daaea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15733059 Ticks: 8069 (0:00:02:05.877) Context Switch Count 118 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!SepRmCommandServerThread (0xfffff802b3e4fd10) Stack Init fffff88002f6fdd0 Current fffff88002f6f270 Base fffff88002f70000 Limit fffff88002f6a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002dec080 Cid 0004.0150 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) UserMode Non-Alertable fffff802b3d6e560 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740122 Ticks: 1006 (0:00:00:15.693) Context Switch Count 2339 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.390 Win32 Start Address nt!CmpLazyFlushWorker (0xfffff802b3e46354) Stack Init fffff88003165dd0 Current fffff88003165a40 Base fffff88003166000 Limit fffff88003160000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002e2b300 Cid 0004.015c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff88001ce4b40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 100462 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.218 Win32 Start Address ndis!ndisWorkerThread (0xfffff88001c74b00) Stack Init fffff8800305cdd0 Current fffff8800305c9f0 Base fffff8800305d000 Limit fffff88003057000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002e59b00 Cid 0004.0160 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88004d58460 SynchronizationEvent fffff88004d584a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 2986 Ticks: 15738142 (2:20:11:56.588) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address raspptp!MainPassiveLevelThread (0xfffff88004d4db60) Stack Init fffff88003c06dd0 Current fffff88003c06a00 Base fffff88003c07000 Limit fffff88003c01000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80031a4b00 Cid 0004.0164 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d200 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15737833 Ticks: 3295 (0:00:00:51.402) Context Switch Count 353 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.390 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff8800307fdd0 Current fffff8800307f9d0 Base fffff88003080000 Limit fffff8800307a000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80031c7040 Cid 0004.0170 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15707887 Ticks: 33241 (0:00:08:38.562) Context Switch Count 5887 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:05.600 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88003c2fdd0 Current fffff88003c2f9d0 Base fffff88003c30000 Limit fffff88003c2a000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80031c7b00 Cid 0004.0174 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740197 Ticks: 931 (0:00:00:14.523) Context Switch Count 4243 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:05.319 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88003c36dd0 Current fffff88003c369d0 Base fffff88003c37000 Limit fffff88003c31000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003260040 Cid 0004.017c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800325d948 NotificationEvent fffffa800325d960 NotificationEvent fffffa800325d978 NotificationEvent fffffa800325d990 NotificationEvent fffffa800325d9a8 NotificationEvent fffffa800325d9c0 NotificationEvent fffffa800325d9d8 NotificationEvent fffffa800325d9f0 NotificationEvent fffffa800325da08 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740171 Ticks: 957 (0:00:00:14.929) Context Switch Count 243 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address bthport!HCI_ThreadFunction (0xfffff880044df418) Stack Init fffff88003071dd0 Current fffff88003071770 Base fffff88003072000 Limit fffff8800306c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800183f080 Cid 0004.01a0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8002e421e8 SynchronizationEvent fffffa8002e42240 SynchronizationEvent fffffa8002e42298 SynchronizationEvent fffffa8002e42178 SynchronizationEvent fffffa8002e42148 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15733181 Ticks: 7947 (0:00:02:03.973) Context Switch Count 25299 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address BasicRender!WARPKMADAPTER::WarpGPUWorkerThread (0xfffff880019f2860) Stack Init fffff88003c4bdd0 Current fffff88003c4abd0 Base fffff88003c4c000 Limit fffff88003c46000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800188f080 Cid 0004.01a4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80018d8948 SynchronizationEvent fffffa80018d8910 SynchronizationEvent fffffa80018d89b8 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15734591 Ticks: 6537 (0:00:01:41.977) Context Switch Count 68404 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dxgmms1!VidSchiWorkerThread (0xfffff880035bc57c) Stack Init fffff88003c5add0 Current fffff88003c5a850 Base fffff88003c5b000 Limit fffff88003c55000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800188db00 Cid 0004.01a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Alertable fffff88003c3db28 SynchronizationEvent fffff88003c3db10 SynchronizationEvent fffff88003c3dae0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 65555 Ticks: 15675573 (2:19:55:40.506) Context Switch Count 45 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dxgkrnl!BLTQUEUE::BltQueueWorkerThread (0xfffff880034a21e8) Stack Init fffff88003c3ddd0 Current fffff88003c3d780 Base fffff88003c3e000 Limit fffff88003c38000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80033af900 Cid 0004.01e0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Alertable fffffa8002e8a880 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740914 Ticks: 214 (0:00:00:03.338) Context Switch Count 481 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 *** WARNING: Unable to verify timestamp for msrpc.sys *** ERROR: Module load completed but symbols could not be loaded for msrpc.sys Win32 Start Address msrpc (0xfffff88000c9cb70) Stack Init fffff88003de6dd0 Current fffff88003de6650 Base fffff88003de7000 Limit fffff88003de1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80036fb740 Cid 0004.02a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800373f0e0 NotificationEvent fffffa800373f0f8 SynchronizationEvent fffffa800373f140 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740132 Ticks: 996 (0:00:00:15.537) Context Switch Count 11275 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.187 Win32 Start Address luafv!UsnThread (0xfffff88015276f50) Stack Init fffff880150bcdd0 Current fffff880150bc8f0 Base fffff880150bd000 Limit fffff880150b7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003048980 Cid 0004.04bc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8003048050 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 28512 Ticks: 15712616 (2:20:05:18.380) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address HTTP!UlpThreadPoolWorker (0xfffff88015b04010) Stack Init fffff88014e92dd0 Current fffff88014e929f0 Base fffff88014e93000 Limit fffff88014e8d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003048440 Cid 0004.04c0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8003048ed0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 28702 Ticks: 15712426 (2:20:05:15.416) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address HTTP!UlpThreadPoolWorker (0xfffff88015b04010) Stack Init fffff88014e99dd0 Current fffff88014e999f0 Base fffff88014e9a000 Limit fffff88014e94000 Call 0 Priority 11 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003050b00 Cid 0004.04c4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80017f3ee0 NotificationEvent fffffa8001845760 NotificationEvent fffff88015afb780 NotificationEvent fffff88015afb7a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15730694 Ticks: 10434 (0:00:02:42.771) Context Switch Count 75 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address HTTP!UlpScavengerThread (0xfffff88015ab8c90) Stack Init fffff88014ea0dd0 Current fffff88014ea08c0 Base fffff88014ea1000 Limit fffff88014e9b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003093b00 Cid 0004.0504 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015bc09c0 SynchronizationEvent fffff88015bc09a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15727956 Ticks: 13172 (0:00:03:25.484) Context Switch Count 65 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mpsdrv!IP6StringToAddress (0xfffff88015bb2600) Stack Init fffff88014efbdd0 Current fffff88014efb9e0 Base fffff88014efc000 Limit fffff88014ef6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80030ad080 Cid 0004.051c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80030a1230 SynchronizationEvent fffffa80030a1248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736873 Ticks: 4255 (0:00:01:06.378) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88014f1edd0 Current fffff88014f1e9e0 Base fffff88014f1f000 Limit fffff88014f19000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003b63040 Cid 0004.0560 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80019f29f8 SynchronizationEvent fffffa80019f2a10 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736919 Ticks: 4209 (0:00:01:05.660) Context Switch Count 169 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address Ndu!NduTokenComputeTokensWorkerRoutine (0xfffff8801534cd58) Stack Init fffff88014f87dd0 Current fffff88014f879e0 Base fffff88014f88000 Limit fffff88014f82000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003bc0700 Cid 0004.0624 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8003bf59f0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739618 Ticks: 1510 (0:00:00:23.556) Context Switch Count 199 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88015e1bdd0 Current fffff88015e1b950 Base fffff88015e1c000 Limit fffff88015e16000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003df1b00 Cid 0004.06e8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015c3b5a8 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15682200 Ticks: 58928 (0:00:15:19.282) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcBackPocketThread (0xfffff88015c51630) Stack Init fffff88015ed1dd0 Current fffff88015ed1a10 Base fffff88015ed2000 Limit fffff88015ecc000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003df15c0 Cid 0004.06ec Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015c3b580 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15681641 Ticks: 59487 (0:00:15:28.003) Context Switch Count 9 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcBackPocketThread (0xfffff88015c51630) Stack Init fffff88015eb5dd0 Current fffff88015eb5a10 Base fffff88015eb6000 Limit fffff88015eb0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003defb00 Cid 0004.06f0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015c3b5d0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcBackPocketThread (0xfffff88015c51630) Stack Init fffff88015ed8dd0 Current fffff88015ed8a10 Base fffff88015ed9000 Limit fffff88015ed3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003def5c0 Cid 0004.06f4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffffa8003e38168 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcIRPThread (0xfffff88015c54a50) Stack Init fffff88015edfdd0 Current fffff88015edf9c0 Base fffff88015ee0000 Limit fffff88015eda000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003e6eb00 Cid 0004.0700 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e669a8 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015ef4dd0 Current fffff88015ef4970 Base fffff88015ef5000 Limit fffff88015eef000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e6e5c0 Cid 0004.0704 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e66cc8 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015efbdd0 Current fffff88015efb970 Base fffff88015efc000 Limit fffff88015ef6000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e7e040 Cid 0004.0708 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e66648 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015f02dd0 Current fffff88015f02970 Base fffff88015f03000 Limit fffff88015efd000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e7eb00 Cid 0004.070c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffff88015399c18 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015f09dd0 Current fffff88015f09970 Base fffff88015f0a000 Limit fffff88015f04000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80040a8080 Cid 0004.0858 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d10f08 NotificationEvent fffff802b3d10ec8 NotificationEvent fffff802b3d10eb0 NotificationEvent fffff802b3d11190 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740942 Ticks: 186 (0:00:00:02.901) Context Switch Count 4821 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.546 Win32 Start Address nt!PfTLoggingWorker (0xfffff802b3f605a0) Stack Init fffff8801628cdd0 Current fffff8801628c8f0 Base fffff8801628d000 Limit fffff88016287000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003e14b00 Cid 0004.0924 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001a2e9a0 Semaphore Limit 0x4000 fffffa8001a2e9e8 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 14339 Ticks: 15726789 (2:20:08:59.480) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address igdkmd64!_KmFileIoDeferredFileProcessingThreadRoutine (0xfffff88003ecd5e0) Stack Init fffff880161e2dd0 Current fffff880161e24e0 Base fffff880161e3000 Limit fffff880161dd000 Call 0 Priority 7 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003fe9b00 Cid 0004.0928 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80018a4a90 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15678938 Ticks: 62190 (0:00:16:10.170) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dxgkrnl!DpiPowerArbiterThread (0xfffff880034d2c6c) Stack Init fffff8801636cdd0 Current fffff8801636ca20 Base fffff8801636d000 Limit fffff88016367000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018b6b00 Cid 0004.094c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001899948 SynchronizationEvent fffffa8001899910 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 52310 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:02.152 Win32 Start Address dxgmms1!VidSchiWorkerThread (0xfffff880035bc57c) Stack Init fffff8801638fdd0 Current fffff8801638f850 Base fffff88016390000 Limit fffff8801638a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800416db00 Cid 0004.0c1c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d1b0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 1166 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff8801722cdd0 Current fffff8801722c9d0 Base fffff8801722d000 Limit fffff88017227000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001f1eb00 Cid 0004.0fb4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736574 Ticks: 4554 (0:00:01:11.042) Context Switch Count 12894 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.358 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88014f95dd0 Current fffff88014f959d0 Base fffff88014f96000 Limit fffff88014f90000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800406ea40 Cid 0004.0f88 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d160 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741089 Ticks: 39 (0:00:00:00.608) Context Switch Count 1547 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff8801754fdd0 Current fffff8801754f9d0 Base fffff88017550000 Limit fffff8801754a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003fb7040 Cid 0004.0f8c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15734339 Ticks: 6789 (0:00:01:45.909) Context Switch Count 18574 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:04.461 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f33dd0 Current fffff88015f339d0 Base fffff88015f34000 Limit fffff88015f2e000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e8a3c0 Cid 0004.0d54 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 1236 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:02.137 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f3add0 Current fffff88015f3a9d0 Base fffff88015f3b000 Limit fffff88015f35000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001da2380 Cid 0004.0f28 Teb: 0000000000000000 Win32Thread: 0000000000000000 READY on processor 1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 2738 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:06.427 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f41dd0 Current fffff88015f419d0 Base fffff88015f42000 Limit fffff88015f3c000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003da1b00 Cid 0004.0eb0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741099 Ticks: 29 (0:00:00:00.452) Context Switch Count 8016 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.358 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f87dd0 Current fffff88015f879d0 Base fffff88015f88000 Limit fffff88015f82000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80037195c0 Cid 0004.0eb8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 724 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:02.137 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016014dd0 Current fffff880160149d0 Base fffff88016015000 Limit fffff8801600f000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002353b00 Cid 0004.0f1c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15720041 Ticks: 21087 (0:00:05:28.959) Context Switch Count 2281 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.062 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016030dd0 Current fffff880160309d0 Base fffff88016031000 Limit fffff8801602b000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002128840 Cid 0004.0ef8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736573 Ticks: 4555 (0:00:01:11.058) Context Switch Count 454 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016037dd0 Current fffff880160379d0 Base fffff88016038000 Limit fffff88016032000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800236cb00 Cid 0004.0ebc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800183bbc5 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15733088 Ticks: 8040 (0:00:02:05.424) Context Switch Count 24255 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:03.026 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016076dd0 Current fffff880160761a0 Base fffff88016077000 Limit fffff88016071000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002376b00 Cid 0004.0d8c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015) Context Switch Count 18608 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.452 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff880160a0dd0 Current fffff880160a09d0 Base fffff880160a1000 Limit fffff8801609b000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001ee6b00 Cid 0004.0f64 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15718535 Ticks: 22593 (0:00:05:52.453) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff880173e9dd0 Current fffff880173e99d0 Base fffff880173ea000 Limit fffff880173e4000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002d78500 SessionId: none Cid: 011c Peb: 7f6a68af000 ParentCid: 0004 DirBase: 06696000 ObjectTable: fffff8a000b3b840 HandleCount: Image: smss.exe VadRoot fffffa8002ccfaf0 Vads 15 Clone 0 Private 67. Modified 46. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a000b3e040 ElapsedTime 2 Days 20:12:14.852 UserTime 00:00:00.000 KernelTime 00:00:00.046 QuotaPoolUsage[PagedPool] 12368 QuotaPoolUsage[NonPagedPool] 2576 Working Set Sizes (now,min,max) (210, 50, 345) (840KB, 200KB, 1380KB) PeakWorkingSetSize 236 VirtualSize 4 Mb PeakVirtualSize 23 Mb PageFaultCount 562 MemoryPriority BACKGROUND BasePriority 11 CommitCharge 80 Setting context for this process... .process /p /r fffffa8002d78500 !peb PEB at 000007f6a68af000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6a6b40000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000cf0be31810 . 000000cf0be31810 Ldr.InLoadOrderModuleList: 000000cf0be31970 . 000000cf0be317f0 Ldr.InMemoryOrderModuleList: 000000cf0be31980 . 000000cf0be31800 Base TimeStamp Module 7f6a6b40000 5010ac3a Jul 26 03:32:26 2012 \SystemRoot\System32\smss.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll SubSystemData: 0000000000000000 ProcessHeap: 000000cf0be30000 ProcessParameters: 000000cf0be308f0 CurrentDirectory: 'C:\WINDOWS\' WindowTitle: '< Name not readable >' ImageFile: '\SystemRoot\System32\smss.exe' CommandLine: '\SystemRoot\System32\smss.exe' DllPath: '< Name not readable >' Environment: 000000cf0be30860 Path=C:\WINDOWS\System32 SystemDrive=C: SystemRoot=C:\WINDOWS THREAD fffffa8002dd1b00 Cid 011c.0120 Teb: 000007f6a68ad000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002e6b1c0 ProcessObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d78500 Image: smss.exe Attached Process N/A Image: N/A Wait Start TickCount 4944 Ticks: 15736184 (2:20:11:26.043) Context Switch Count 548 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.436 Win32 Start Address smss!NtProcessStartupW (0x000007f6a6b5bf10) Stack Init fffff88003001dd0 Current fffff880030010f0 Base fffff88003002000 Limit fffff88002ffc000 Call 0 Priority 13 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800209c440 Cid 011c.0ff0 Teb: 000007f6a68ab000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002db4d00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d78500 Image: smss.exe Attached Process N/A Image: N/A Wait Start TickCount 65560 Ticks: 15675568 (2:19:55:40.428) Context Switch Count 30 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880165f1dd0 Current fffff880165f1760 Base fffff880165f2000 Limit fffff880165ec000 Call 0 Priority 11 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001d37700 Cid 011c.0d18 Teb: 000007f6a68a7000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002db4d00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d78500 Image: smss.exe Attached Process N/A Image: N/A Wait Start TickCount 65560 Ticks: 15675568 (2:19:55:40.428) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003035dd0 Current fffff88003035760 Base fffff88003036000 Limit fffff88003030000 Call 0 Priority 11 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8002e6b1c0 SessionId: 0 Cid: 0190 Peb: 7f7688e8000 ParentCid: 0188 DirBase: 114d5000 ObjectTable: fffff8a001c6c680 HandleCount: Image: csrss.exe VadRoot fffffa80037bb420 Vads 87 Clone 0 Private 323. Modified 348. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a001c6ca80 ElapsedTime 2 Days 20:11:51.905 UserTime 00:00:00.015 KernelTime 00:00:01.372 QuotaPoolUsage[PagedPool] 119768 QuotaPoolUsage[NonPagedPool] 11280 Working Set Sizes (now,min,max) (3840, 50, 345) (15360KB, 200KB, 1380KB) PeakWorkingSetSize 9500 VirtualSize 43 Mb PeakVirtualSize 49 Mb PageFaultCount 92593 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 349 Setting context for this process... .process /p /r fffffa8002e6b1c0 !peb PEB at 000007f7688e8000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f7697f0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000001685cd1680 . 0000001685ce1c00 Ldr.InLoadOrderModuleList: 0000001685cd17e0 . 0000001685ce1be0 Ldr.InMemoryOrderModuleList: 0000001685cd17f0 . 0000001685ce1bf0 Base TimeStamp Module 7f7697f0000 5010ac39 Jul 26 03:32:25 2012 C:\WINDOWS\system32\csrss.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef4e80000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\system32\CSRSRV.dll 7fef4e60000 5010ac2a Jul 26 03:32:10 2012 C:\WINDOWS\system32\basesrv.DLL 7fef4e20000 505a9a3c Sep 20 05:23:24 2012 C:\WINDOWS\system32\winsrv.DLL 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\SYSTEM32\kernelbase.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\SYSTEM32\kernel32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef4e10000 5010aa9e Jul 26 03:25:34 2012 C:\WINDOWS\system32\sxssrv.DLL 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\system32\sxs.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll SubSystemData: 0000000000000000 ProcessHeap: 0000001685cd0000 ProcessParameters: 0000001685cd0d00 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: '< Name not readable >' ImageFile: 'C:\WINDOWS\system32\csrss.exe' CommandLine: '%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16' DllPath: '< Name not readable >' Environment: 0000001685cd0860 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM windir=C:\WINDOWS THREAD fffffa80032b0600 Cid 0190.01ac Teb: 000007f7688ec000 Win32Thread: fffff901006ddb90 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa80032b09a8 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a0023e4b90 : queued at port fffffa8003781330 : owned by process fffffa8003740540 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!TerminalServerRequestThread (0x000007fef4e21cb0) Stack Init fffff88003dacdd0 Current fffff88003dac660 Base fffff88003dad000 Limit fffff88003da7000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002e6a940 Cid 0190.01b0 Teb: 000007f7688ea000 Win32Thread: fffff901006c1b90 WAIT: (UserRequest) UserMode Alertable fffffa800279a6c0 SynchronizationEvent fffffa80031b6be0 SynchronizationEvent fffffa8002e4b7a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!NotificationThread (0x000007fef4e21630) Stack Init fffff88003dbadd0 Current fffff88003dba180 Base fffff88003dbb000 Limit fffff88003db5000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80019ccb00 Cid 0190.01b4 Teb: 000007f7688e6000 Win32Thread: fffff901000c4b90 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80019ccea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740979 Ticks: 149 (0:00:00:02.324) Context Switch Count 1385 IdealProcessor: 0 UserTime 00:00:00.140 KernelTime 00:00:00.078 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff88003db3dd0 Current fffff88003db3750 Base fffff88003db4000 Limit fffff88003dae000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002e8cb00 Cid 0190.01b8 Teb: 000007f7688e4000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002e8cea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address CSRSRV!CsrSbApiRequestThread (0x000007fef4e83d10) Stack Init fffff88003dc1dd0 Current fffff88003dc17a0 Base fffff88003dc2000 Limit fffff88003dbc000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002ecc9c0 Cid 0190.01d8 Teb: 000007f7688ee000 Win32Thread: fffff901001a5450 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002eccd68 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740979 Ticks: 149 (0:00:00:02.324) Context Switch Count 1291 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.046 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff88003dd1dd0 Current fffff88003dd1750 Base fffff88003dd2000 Limit fffff88003dcc000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800368ab00 Cid 0190.0210 Teb: 000007f7687be000 Win32Thread: fffff901001a3b90 WAIT: (WrUserRequest) KernelMode Alertable fffffa800367bb50 SynchronizationEvent fffffa800367b970 NotificationTimer fffffa800367b920 SynchronizationTimer fffff802b3d20c20 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 307 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff88003deddd0 Current fffff88003ded810 Base fffff88003dee000 Limit fffff88003de8000 Call 0 Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800367fb00 Cid 0190.0214 Teb: 000007f7687bc000 Win32Thread: fffff901001a3610 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa800367b8f0 SynchronizationEvent fffffa8002eec1f0 SynchronizationEvent fffffa80036828e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 38 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff8801501bdd0 Current fffff8801501b7e0 Base fffff8801501c000 Limit fffff88015016000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003799b00 Cid 0190.02f8 Teb: 000007f7687ba000 Win32Thread: fffff901000bb580 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80037999f0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff8801512cdd0 Current fffff8801512c750 Base fffff8801512d000 Limit fffff88015127000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001eec080 Cid 0190.0258 Teb: 000007f7687b4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dbd180 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016373dd0 Current fffff88016373760 Base fffff88016374000 Limit fffff8801636e000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002e7b940 SessionId: 0 Cid: 01c4 Peb: 7f6f01fc000 ParentCid: 0188 DirBase: 2449b000 ObjectTable: fffff8a00156ed80 HandleCount: Image: wininit.exe VadRoot fffffa8002d8f2f0 Vads 42 Clone 0 Private 175. Modified 121. Locked 2. DeviceMap fffff8a00000c340 Token fffff8a00156d610 ElapsedTime 2 Days 20:11:36.367 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 97312 QuotaPoolUsage[NonPagedPool] 8128 Working Set Sizes (now,min,max) (942, 50, 345) (3768KB, 200KB, 1380KB) PeakWorkingSetSize 1006 VirtualSize 40 Mb PeakVirtualSize 43 Mb PageFaultCount 1558 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 255 Setting context for this process... .process /p /r fffffa8002e7b940 !peb PEB at 000007f6f01fc000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6f0910000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000e716ab14b0 . 000000e716abe230 Ldr.InLoadOrderModuleList: 000000e716ab1610 . 000000e716abe210 Ldr.InMemoryOrderModuleList: 000000e716ab1620 . 000000e716abe220 Base TimeStamp Module 7f6f0910000 50108947 Jul 26 01:03:19 2012 C:\WINDOWS\system32\wininit.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef4de0000 50108942 Jul 26 01:03:14 2012 C:\WINDOWS\SYSTEM32\wininitext.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\sspicli.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\wtsapi32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll SubSystemData: 0000000000000000 ProcessHeap: 000000e716ab0000 ProcessParameters: 000000e716ab0d00 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: '< Name not readable >' ImageFile: 'C:\WINDOWS\system32\wininit.exe' CommandLine: 'wininit.exe' DllPath: '< Name not readable >' Environment: 000000e716acc940 ALLUSERSPROFILE=C:\ProgramData CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8002e8b5c0 Cid 01c4.01c8 Teb: 000007f6f01fe000 Win32Thread: fffff901000d4820 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003686d60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e7b940 Image: wininit.exe Attached Process N/A Image: N/A Wait Start TickCount 7115 Ticks: 15734013 (2:20:10:52.175) Context Switch Count 2948 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.358 Win32 Start Address wininit!WinMainCRTStartup (0x000007f6f0915c8c) Stack Init fffff88003c68dd0 Current fffff88003c68900 Base fffff88003c69000 Limit fffff88003c63000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80041acb00 Cid 01c4.0e20 Teb: 000007f6f01fa000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002e6bd40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e7b940 Image: wininit.exe Attached Process N/A Image: N/A Wait Start TickCount 65543 Ticks: 15675585 (2:19:55:40.693) Context Switch Count 43 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015f6bdd0 Current fffff88015f6b760 Base fffff88015f6c000 Limit fffff88015f66000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa80033c3080 SessionId: 0 Cid: 0220 Peb: 7f75ab5d000 ParentCid: 01c4 DirBase: 2e23b000 ObjectTable: fffff8a0016a32c0 HandleCount: Image: services.exe VadRoot fffffa800373e230 Vads 66 Clone 0 Private 819. Modified 718. Locked 2. DeviceMap fffff8a00000c340 Token fffff8a0016a8060 ElapsedTime 2 Days 20:11:16.711 UserTime 00:00:00.327 KernelTime 00:00:01.326 QuotaPoolUsage[PagedPool] 93456 QuotaPoolUsage[NonPagedPool] 11424 Working Set Sizes (now,min,max) (1728, 50, 345) (6912KB, 200KB, 1380KB) PeakWorkingSetSize 2755 VirtualSize 31 Mb PeakVirtualSize 46 Mb PageFaultCount 6611 MemoryPriority BACKGROUND BasePriority 9 CommitCharge 1007 Setting context for this process... .process /p /r fffffa80033c3080 !peb PEB at 000007f75ab5d000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f75acc0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000069837d1880 . 0000006983802d00 Ldr.InLoadOrderModuleList: 00000069837d19e0 . 0000006983802ce0 Ldr.InMemoryOrderModuleList: 00000069837d19f0 . 0000006983802cf0 Base TimeStamp Module 7f75acc0000 505ab374 Sep 20 07:11:00 2012 C:\WINDOWS\system32\services.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef4a40000 50108a5e Jul 26 01:07:58 2012 C:\WINDOWS\system32\scext.dll 7fef4920000 505a9abe Sep 20 05:25:34 2012 C:\WINDOWS\system32\UBPM.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\WINDOWS\system32\srvcli.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef48a0000 5010a9b5 Jul 26 03:21:41 2012 C:\WINDOWS\SYSTEM32\spinf.dll 7fef4160000 501088ac Jul 26 01:00:44 2012 C:\WINDOWS\SYSTEM32\scesrv.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 C:\WINDOWS\system32\AUTHZ.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\wtsapi32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll SubSystemData: 0000000000000000 ProcessHeap: 00000069837d0000 ProcessParameters: 00000069837d1030 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\services.exe' ImageFile: 'C:\WINDOWS\system32\services.exe' CommandLine: 'C:\WINDOWS\system32\services.exe' DllPath: '< Name not readable >' Environment: 00000069837d0860 ALLUSERSPROFILE=C:\ProgramData CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa800372cb00 Cid 0220.0278 Teb: 000007f75ab53000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e1e760 SynchronizationEvent fffffa8003715800 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15736073 Ticks: 5055 (0:00:01:18.858) Context Switch Count 681 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address UBPM!UbpmpConsumeEvents (0x000007fef493cb10) Stack Init fffff8801507ddd0 Current fffff8801507d180 Base fffff8801507e000 Limit fffff88015078000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003746640 Cid 0220.02a4 Teb: 000007f75aa2a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003743080 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 12509 Ticks: 15728619 (2:20:09:28.028) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150cadd0 Current fffff880150ca760 Base fffff880150cb000 Limit fffff880150c5000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cc5b00 Cid 0220.0ab4 Teb: 000007f75aa2e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80038142e0 NotificationEvent fffffa8002cf71c0 ProcessObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15680792 Ticks: 60336 (0:00:15:41.247) Context Switch Count 157 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f09dd0 Current fffff88014f09180 Base fffff88014f0a000 Limit fffff88014f04000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cfdb00 Cid 0220.0284 Teb: 000007f75ab59000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800371d980 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 294 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880165c9dd0 Current fffff880165c9760 Base fffff880165ca000 Limit fffff880165c4000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002669080 Cid 0220.07cc Teb: 000007f75aa24000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800370d800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15738591 Ticks: 2537 (0:00:00:39.577) Context Switch Count 63 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017053dd0 Current fffff88017053760 Base fffff88017054000 Limit fffff8801704e000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002664b00 Cid 0220.097c Teb: 000007f75ab5e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800371d980 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 53 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164e9dd0 Current fffff880164e9760 Base fffff880164ea000 Limit fffff880164e4000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d2c700 Cid 0220.0ca4 Teb: 000007f75ab5b000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800371d980 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15733062 Ticks: 8066 (0:00:02:05.830) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164f2dd0 Current fffff880164f2760 Base fffff880164f3000 Limit fffff880164ed000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80018f5b00 Cid 0220.05f0 Teb: 000007f75aa28000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800370d800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15736073 Ticks: 5055 (0:00:01:18.858) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164e1dd0 Current fffff880164e1760 Base fffff880164e2000 Limit fffff880164dc000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003694940 SessionId: 0 Cid: 0228 Peb: 7f6f354f000 ParentCid: 01c4 DirBase: 2e64e000 ObjectTable: fffff8a0016aca40 HandleCount: Image: lsass.exe VadRoot fffffa800365b990 Vads 109 Clone 0 Private 892. Modified 1044. Locked 2. DeviceMap fffff8a00000c340 Token fffff8a0016c6860 ElapsedTime 2 Days 20:11:15.588 UserTime 00:00:00.546 KernelTime 00:00:01.372 QuotaPoolUsage[PagedPool] 100688 QuotaPoolUsage[NonPagedPool] 24352 Working Set Sizes (now,min,max) (2680, 50, 345) (10720KB, 200KB, 1380KB) PeakWorkingSetSize 2731 VirtualSize 36 Mb PeakVirtualSize 38 Mb PageFaultCount 5181 MemoryPriority BACKGROUND BasePriority 9 CommitCharge 1107 Setting context for this process... .process /p /r fffffa8003694940 !peb PEB at 000007f6f354f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6f3890000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000002279a01870 . 0000002279a45ce0 Ldr.InLoadOrderModuleList: 0000002279a019d0 . 0000002279a45cc0 Ldr.InMemoryOrderModuleList: 0000002279a019e0 . 0000002279a45cd0 Base TimeStamp Module 7f6f3890000 505a9bdf Sep 20 05:30:23 2012 C:\WINDOWS\system32\lsass.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4b90000 505ab35e Sep 20 07:10:38 2012 C:\WINDOWS\system32\SspiSrv.dll 7fef4a50000 5010890e Jul 26 01:02:22 2012 C:\WINDOWS\system32\lsasrv.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef4980000 50108928 Jul 26 01:02:48 2012 C:\WINDOWS\SYSTEM32\samsrv.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\system32\ncrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\system32\NTASN1.dll 7fef4820000 5010acc1 Jul 26 03:34:41 2012 C:\WINDOWS\system32\msprivs.DLL 7fef47e0000 50108985 Jul 26 01:04:21 2012 C:\WINDOWS\SYSTEM32\netjoin.dll 7fef47b0000 50108948 Jul 26 01:03:20 2012 C:\WINDOWS\system32\negoexts.DLL 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4790000 50108a04 Jul 26 01:06:28 2012 C:\WINDOWS\system32\cryptdll.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef46c0000 501088fe Jul 26 01:02:06 2012 C:\WINDOWS\system32\kerberos.DLL 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef45e0000 5010893a Jul 26 01:03:06 2012 C:\WINDOWS\system32\msv1_0.DLL 7fef4520000 50108926 Jul 26 01:02:46 2012 C:\WINDOWS\system32\netlogon.DLL 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\system32\DNSAPI.dll 7fef4440000 50108a08 Jul 26 01:06:32 2012 C:\WINDOWS\system32\logoncli.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\USERENV.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4370000 50108a46 Jul 26 01:07:34 2012 C:\WINDOWS\system32\wdigest.DLL 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef4300000 5010895c Jul 26 01:03:40 2012 C:\WINDOWS\system32\tspkg.DLL 7fef42b0000 50108915 Jul 26 01:02:29 2012 C:\WINDOWS\system32\pku2u.DLL 7fef4260000 501088fe Jul 26 01:02:06 2012 C:\WINDOWS\system32\livessp.DLL 7fef4240000 5010a978 Jul 26 03:20:40 2012 C:\WINDOWS\system32\efslsaext.dll 7fef4210000 5010870d Jul 26 00:53:49 2012 C:\WINDOWS\system32\dpapisrv.dll 7fef41d0000 501088ba Jul 26 01:00:58 2012 C:\WINDOWS\system32\scecli.DLL 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\netutils.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\SYSTEM32\winsta.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 C:\WINDOWS\SYSTEM32\wevtapi.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7feeb050000 50108a8f Jul 26 01:08:47 2012 C:\WINDOWS\system32\ncryptprov.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7feeb010000 50108abe Jul 26 01:09:34 2012 C:\WINDOWS\system32\dssenh.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\system32\DPAPI.dll 7feea850000 501088a9 Jul 26 01:00:41 2012 C:\WINDOWS\system32\keyiso.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 C:\WINDOWS\system32\AUTHZ.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL 7fee6d90000 5010a4fc Jul 26 03:01:32 2012 C:\WINDOWS\system32\certpoleng.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\system32\wkscli.dll 7fee90e0000 501085c0 Jul 26 00:48:16 2012 C:\Windows\System32\vaultsvc.dll SubSystemData: 0000000000000000 ProcessHeap: 0000002279a00000 ProcessParameters: 0000002279a01030 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\lsass.exe' ImageFile: 'C:\WINDOWS\system32\lsass.exe' CommandLine: 'C:\WINDOWS\system32\lsass.exe' DllPath: '< Name not readable >' Environment: 0000002279a00860 ALLUSERSPROFILE=C:\ProgramData CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\System32 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8003672080 Cid 0228.0230 Teb: 000007f6f354b000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8003672428 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15680668 Ticks: 60460 (0:00:15:43.182) Context Switch Count 102 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address lsass!LsapRmServerThread (0x000007f6f3891040) Stack Init fffff88015029dd0 Current fffff880150297a0 Base fffff8801502a000 Limit fffff88015024000 Call 0 Priority 10 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800369cb00 Cid 0228.0234 Teb: 000007f6f3549000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800368c4c0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15692050 Ticks: 49078 (0:00:12:45.621) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address lsasrv!ServiceDispatcherThread (0x000007fef4aa3990) Stack Init fffff8801504cdd0 Current fffff8801504c900 Base fffff8801504d000 Limit fffff88015047000 Call 0 Priority 10 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80036f4700 Cid 0228.023c Teb: 000007f6f3545000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15731618 Ticks: 9510 (0:00:02:28.356) Context Switch Count 25 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801505add0 Current fffff8801505a760 Base fffff8801505b000 Limit fffff88015055000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001f8a080 Cid 0228.0be4 Teb: 000007f6f354d000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject IRP List: fffffa800274cc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15739847 Ticks: 1281 (0:00:00:19.983) Context Switch Count 4108 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.218 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801708bdd0 Current fffff8801708b760 Base fffff8801708c000 Limit fffff88017086000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001fa3080 Cid 0228.0c94 Teb: 000007f6f3547000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject IRP List: fffffa800404d990: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 4649 IdealProcessor: 0 UserTime 00:00:00.124 KernelTime 00:00:00.124 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e68dd0 Current fffff88014e68760 Base fffff88014e69000 Limit fffff88014e63000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cc6080 Cid 0228.0b64 Teb: 000007f6f341e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15739107 Ticks: 2021 (0:00:00:31.527) Context Switch Count 650 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014edfdd0 Current fffff88014edf760 Base fffff88014ee0000 Limit fffff88014eda000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d4fb00 Cid 0228.0b8c Teb: 000007f6f341c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017092dd0 Current fffff88017092760 Base fffff88017093000 Limit fffff8801708d000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8003740540 SessionId: 0 Cid: 0288 Peb: 7f6fb59b000 ParentCid: 0220 DirBase: 30729000 ObjectTable: fffff8a0023607c0 HandleCount: Image: svchost.exe VadRoot fffffa800371ad60 Vads 95 Clone 0 Private 474. Modified 263. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a0023a0060 ElapsedTime 2 Days 20:10:57.445 UserTime 00:00:00.140 KernelTime 00:00:00.296 QuotaPoolUsage[PagedPool] 119744 QuotaPoolUsage[NonPagedPool] 13600 Working Set Sizes (now,min,max) (2130, 50, 345) (8520KB, 200KB, 1380KB) PeakWorkingSetSize 2168 VirtualSize 38 Mb PeakVirtualSize 59 Mb PageFaultCount 3201 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 702 Setting context for this process... .process /p /r fffffa8003740540 !peb PEB at 000007f6fb59b000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000f7c7e11990 . 000000f7c7e8c9a0 Ldr.InLoadOrderModuleList: 000000f7c7e11af0 . 000000f7c7e8c980 Ldr.InMemoryOrderModuleList: 000000f7c7e11b00 . 000000f7c7e8c990 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef40e0000 505ab1e3 Sep 20 07:04:19 2012 c:\windows\system32\umpnpmgr.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef40c0000 501089e6 Jul 26 01:05:58 2012 c:\windows\system32\DEVRTL.dll 7fef40a0000 505a9b46 Sep 20 05:27:50 2012 c:\windows\system32\umpo.dll 7fef4090000 50108607 Jul 26 00:49:27 2012 C:\WINDOWS\SYSTEM32\umpoext.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4080000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\system32\pcwum.dll 7fef4070000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\HID.DLL 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef3f80000 501086f9 Jul 26 00:53:29 2012 c:\windows\system32\rpcss.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7fef3f00000 505a9858 Sep 20 05:15:20 2012 c:\windows\system32\bisrv.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef3ee0000 505a9ae9 Sep 20 05:26:17 2012 c:\windows\system32\psmsrv.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 c:\windows\system32\WINSTA.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef3e70000 50108406 Jul 26 00:40:54 2012 c:\windows\system32\lsm.dll 7fef3da0000 501089ef Jul 26 01:06:07 2012 c:\windows\system32\SYSNTFY.dll 7fef3d90000 5010a98e Jul 26 03:21:02 2012 c:\windows\system32\WMsgAPI.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\Userenv.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\wtsapi32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\Bcrypt.dll SubSystemData: 0000000000000000 ProcessHeap: 000000f7c7e10000 ProcessParameters: 000000f7c7e11170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k DcomLaunch' DllPath: '< Name not readable >' Environment: 000000f7c7e10860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa800373db00 Cid 0288.028c Teb: 000007f6fb59e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800373eb60 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680787 Ticks: 60341 (0:00:15:41.325) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880150a7dd0 Current fffff880150a7900 Base fffff880150a8000 Limit fffff880150a2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800373b8c0 Cid 0288.0290 Teb: 000007f6fb59c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003784180 SynchronizationEvent fffffa80037795d0 SynchronizationEvent fffffa8003779bc0 SynchronizationEvent fffffa8003780940 SynchronizationEvent fffffa800325fd00 SynchronizationEvent fffffa8003779750 SynchronizationEvent fffffa80037796d0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 65556 Ticks: 15675572 (2:19:55:40.490) Context Switch Count 59 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150aedd0 Current fffff880150ae180 Base fffff880150af000 Limit fffff880150a9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800375e8c0 Cid 0288.02c4 Teb: 000007f6fb593000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003762540 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 7531 Ticks: 15733597 (2:20:10:45.686) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150fbdd0 Current fffff880150fb760 Base fffff880150fc000 Limit fffff880150f6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800375d940 Cid 0288.02cc Teb: 000007f6fb597000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037593c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 20982 Ticks: 15720146 (2:20:07:15.849) Context Switch Count 112 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150d1dd0 Current fffff880150d1760 Base fffff880150d2000 Limit fffff880150cc000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003719b00 Cid 0288.019c Teb: 000007f6fb466000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800373ea80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738529 Ticks: 2599 (0:00:00:40.544) Context Switch Count 1059 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016454dd0 Current fffff88016454760 Base fffff88016455000 Limit fffff8801644f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80020bc940 Cid 0288.0048 Teb: 000007f6fb595000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800373ea80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738529 Ticks: 2599 (0:00:00:40.544) Context Switch Count 1060 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801644ddd0 Current fffff8801644d760 Base fffff8801644e000 Limit fffff88016448000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001ec1b00 Cid 0288.0f04 Teb: 000007f6fb599000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800373ea80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740464 Ticks: 664 (0:00:00:10.358) Context Switch Count 230 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880151e2dd0 Current fffff880151e2760 Base fffff880151e3000 Limit fffff880151dd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001dfc900 Cid 0288.0d40 Teb: 000007f6fb464000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003fe3c80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15735451 Ticks: 5677 (0:00:01:28.561) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017492dd0 Current fffff88017492760 Base fffff88017493000 Limit fffff8801748d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002d47080 Cid 0288.0f9c Teb: 000007f6fb462000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa800388f1f0 SynchronizationEvent fffffa8003dc6060 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739363 Ticks: 1765 (0:00:00:27.534) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880174a0dd0 Current fffff880174a0180 Base fffff880174a1000 Limit fffff8801749b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003763540 SessionId: 0 Cid: 02b0 Peb: 7f6fab93000 ParentCid: 0220 DirBase: 30d47000 ObjectTable: fffff8a0023d3940 HandleCount: Image: svchost.exe VadRoot fffffa800374bc20 Vads 60 Clone 0 Private 751. Modified 34. Locked 2. DeviceMap fffff8a0007b8aa0 Token fffff8a0023d4060 ElapsedTime 2 Days 20:10:56.291 UserTime 00:00:00.592 KernelTime 00:00:00.483 QuotaPoolUsage[PagedPool] 70192 QuotaPoolUsage[NonPagedPool] 13744 Working Set Sizes (now,min,max) (1623, 50, 345) (6492KB, 200KB, 1380KB) PeakWorkingSetSize 1647 VirtualSize 26 Mb PeakVirtualSize 29 Mb PageFaultCount 2571 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 903 Setting context for this process... .process /p /r fffffa8003763540 !peb PEB at 000007f6fab93000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000d34b6c1a10 . 000000d34b7010a0 Ldr.InLoadOrderModuleList: 000000d34b6c1b70 . 000000d34b701080 Ldr.InMemoryOrderModuleList: 000000d34b6c1b80 . 000000d34b701090 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef3f60000 505a9b93 Sep 20 05:29:07 2012 c:\windows\system32\rpcepmap.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\sspicli.dll 7fef3f40000 50108997 Jul 26 01:04:39 2012 C:\WINDOWS\system32\RpcRtRemote.dll 7fef3f80000 501086f9 Jul 26 00:53:29 2012 c:\windows\system32\rpcss.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\system32\FirewallAPI.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\system32\fwpuclnt.dll SubSystemData: 0000000000000000 ProcessHeap: 000000d34b6c0000 ProcessParameters: 000000d34b6c11f0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k RPCSS' DllPath: '< Name not readable >' Environment: 000000d34b6c0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\NetworkService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\Windows\ServiceProfiles\NetworkService windir=C:\WINDOWS THREAD fffffa8003756080 Cid 02b0.02b4 Teb: 000007f6fab9e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80033d3300 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679237 Ticks: 61891 (0:00:16:05.505) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880150d8dd0 Current fffff880150d8900 Base fffff880150d9000 Limit fffff880150d3000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800375cb00 Cid 02b0.02d0 Teb: 000007f6fab98000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800375c060 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738870 Ticks: 2258 (0:00:00:35.225) Context Switch Count 182 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880150eddd0 Current fffff880150ed0f0 Base fffff880150ee000 Limit fffff880150e8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80033d2b00 Cid 02b0.02d4 Teb: 000007f6fab96000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800376a080 QueueObject IRP List: fffffa80031cbe10: (0006,01f0) Flags: 00060030 Mdl: 00000000 fffffa8002e7d4f0: (0006,01f0) Flags: 00060030 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679451 Ticks: 61677 (0:00:16:02.167) Context Switch Count 102 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015102dd0 Current fffff88015102760 Base fffff88015103000 Limit fffff880150fd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f5b080 Cid 02b0.0904 Teb: 000007f6faa66000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800375c300 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736696 Ticks: 4432 (0:00:01:09.139) Context Switch Count 99 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address rpcss!ObjectExporterTaskThread (0x000007fef3f85570) Stack Init fffff880170cadd0 Current fffff880170ca0f0 Base fffff880170cb000 Limit fffff880170c5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80021b0080 Cid 02b0.0784 Teb: 000007f6faa6a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800375c300 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728874 Ticks: 12254 (0:00:03:11.163) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address rpcss!ObjectExporterTaskThread (0x000007fef3f85570) Stack Init fffff8801723add0 Current fffff8801723a0f0 Base fffff8801723b000 Limit fffff88017235000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003797b00 Cid 02b0.0abc Teb: 000007f6fab94000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003756d80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736683 Ticks: 4445 (0:00:01:09.342) Context Switch Count 338 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017172dd0 Current fffff88017172760 Base fffff88017173000 Limit fffff8801716d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001fc54c0 Cid 02b0.0db0 Teb: 000007f6faa6e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003756d80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740965 Ticks: 163 (0:00:00:02.542) Context Switch Count 892 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174dddd0 Current fffff880174dd760 Base fffff880174de000 Limit fffff880174d8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003757080 Cid 02b0.0f24 Teb: 000007f6fab9a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003756d80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 103 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017456dd0 Current fffff88017456760 Base fffff88017457000 Limit fffff88017451000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa800379c940 SessionId: 0 Cid: 02f0 Peb: 7f6faabb000 ParentCid: 0220 DirBase: 31659000 ObjectTable: fffff8a00248d1c0 HandleCount: Image: svchost.exe VadRoot fffffa8003792180 Vads 191 Clone 0 Private 2678. Modified 1152. Locked 4. DeviceMap fffff8a002487200 Token fffff8a002492060 ElapsedTime 2 Days 20:10:54.122 UserTime 00:00:00.655 KernelTime 00:00:01.170 QuotaPoolUsage[PagedPool] 182960 QuotaPoolUsage[NonPagedPool] 32064 Working Set Sizes (now,min,max) (5727, 50, 345) (22908KB, 200KB, 1380KB) PeakWorkingSetSize 6197 VirtualSize 103 Mb PeakVirtualSize 119 Mb PageFaultCount 11110 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 4051 Setting context for this process... .process /p /r fffffa800379c940 !peb PEB at 000007f6faabb000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000004033ba1a50 . 00000040360e9010 Ldr.InLoadOrderModuleList: 0000004033ba1bb0 . 00000040360e8ff0 Ldr.InMemoryOrderModuleList: 0000004033ba1bc0 . 00000040360e9000 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\System32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef3ac0000 501086f4 Jul 26 00:53:24 2012 c:\windows\system32\wevtsvc.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\sspicli.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef0fa0000 505a9609 Sep 20 05:05:29 2012 c:\windows\system32\audiosrv.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef4070000 50108a1d Jul 26 01:06:53 2012 c:\windows\system32\HID.DLL 7fef25f0000 505a994b Sep 20 05:19:23 2012 c:\windows\system32\MMDevAPI.DLL 7fef2e30000 505ab36d Sep 20 07:10:53 2012 c:\windows\system32\AVRT.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\SYSTEM32\winsta.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\wtsapi32.dll 7fef0bc0000 5010abc2 Jul 26 03:30:26 2012 c:\windows\system32\lmhsvc.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 c:\windows\system32\IPHLPAPI.DLL 7fef0b70000 50108a01 Jul 26 01:06:25 2012 c:\windows\system32\nrpsrv.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 c:\windows\system32\WINNSI.DLL 7fef0ad0000 50108709 Jul 26 00:53:45 2012 c:\windows\system32\wcmsvc.dll 7fef37a0000 505a9a6a Sep 20 05:24:10 2012 c:\windows\system32\nlaapi.dll 7fef08b0000 505a9b92 Sep 20 05:29:06 2012 c:\windows\system32\dhcpcore.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 c:\windows\system32\DNSAPI.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\System32\firewallapi.dll 7fef07f0000 505a9ba2 Sep 20 05:29:22 2012 C:\WINDOWS\System32\dhcpcore6.dll 7fef07d0000 50108588 Jul 26 00:47:20 2012 C:\WINDOWS\System32\wcmcsp.dll 7fef07c0000 50108af1 Jul 26 01:10:25 2012 C:\WINDOWS\System32\WMICLNT.dll 7fef46c0000 501088fe Jul 26 01:02:06 2012 C:\WINDOWS\system32\kerberos.DLL 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef4790000 50108a04 Jul 26 01:06:28 2012 C:\WINDOWS\System32\cryptdll.dll 7fef03b0000 5063dc6b Sep 27 05:56:11 2012 C:\WINDOWS\System32\Wlanapi.dll 7fef03a0000 5063f85e Sep 27 07:55:26 2012 C:\WINDOWS\System32\Wlanhlp.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\System32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef0050000 501088cd Jul 26 01:01:17 2012 C:\WINDOWS\System32\SubscriptionMgr.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 C:\WINDOWS\System32\wevtapi.dll 7feef950000 501089d7 Jul 26 01:05:43 2012 C:\WINDOWS\System32\wcmapi.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\System32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\System32\dhcpcsvc.DLL 7feec0d0000 5010804c Jul 26 00:25:00 2012 c:\windows\system32\provsvc.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7feec260000 5010879e Jul 26 00:56:14 2012 C:\Windows\System32\FunDisc.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\XmlLite.dll 7fef1f70000 501082e8 Jul 26 00:36:08 2012 C:\WINDOWS\System32\P2P.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7feed310000 501088aa Jul 26 01:00:42 2012 C:\Windows\System32\fdproxy.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\propsys.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7feec290000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\system32\pnrpnsp.dll 7feec140000 501087d9 Jul 26 00:57:13 2012 C:\WINDOWS\system32\wbem\wbemprox.dll 7feeeae0000 5010880b Jul 26 00:58:03 2012 C:\WINDOWS\SYSTEM32\wbemcomn.dll 7fef1f50000 501089e9 Jul 26 01:06:01 2012 C:\WINDOWS\system32\wbem\wbemsvc.dll 7feebc60000 501087eb Jul 26 00:57:31 2012 C:\WINDOWS\system32\wbem\fastprox.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\System32\wkscli.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\System32\netutils.dll 7fef0f70000 50108147 Jul 26 00:29:11 2012 C:\WINDOWS\System32\shacct.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\System32\SAMLIB.dll 7feea8a0000 50108740 Jul 26 00:54:40 2012 C:\WINDOWS\System32\IDStore.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\System32\DPAPI.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\USERENV.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\System32\profapi.dll 7feecb60000 501081ca Jul 26 00:31:22 2012 c:\windows\system32\wscsvc.dll 7fef31b0000 50108834 Jul 26 00:58:44 2012 c:\windows\system32\dbghelp.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\SYSTEM32\ole32.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\System32\WINHTTP.dll 7feeca40000 505a933a Sep 20 04:53:30 2012 C:\Windows\System32\wuapi.dll 7feec170000 501089f6 Jul 26 01:06:14 2012 C:\Windows\System32\Cabinet.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\Windows\System32\VERSION.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\shell32.dll 7feed210000 50108822 Jul 26 00:58:26 2012 C:\WINDOWS\system32\wshbth.dll 7feec2b0000 5010a97e Jul 26 03:20:46 2012 C:\WINDOWS\System32\winrnr.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7feec0b0000 5010a94b Jul 26 03:19:55 2012 C:\WINDOWS\system32\napinsp.dll SubSystemData: 0000000000000000 ProcessHeap: 0000004033ba0000 ProcessParameters: 0000004033ba1200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\System32\svchost.exe' ImageFile: 'C:\WINDOWS\System32\svchost.exe' CommandLine: 'C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted' DllPath: '< Name not readable >' Environment: 0000004033ba0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa800379a700 Cid 02f0.02f4 Teb: 000007f6faabe000 Win32Thread: fffff901000bb010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003795770 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 125 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88015117dd0 Current fffff88015117900 Base fffff88015118000 Limit fffff88015112000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80037b2b00 Cid 02f0.0308 Teb: 000007f6faab5000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800379b750 SynchronizationEvent fffffa80037b2680 SynchronizationEvent fffffa800376f1b0 SynchronizationEvent fffffa800379b4b0 SynchronizationTimer fffffa800379b850 SynchronizationTimer fffffa80037b2600 SynchronizationEvent fffffa800379b7d0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679108 Ticks: 62020 (0:00:16:07.518) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wevtsvc!WriteQueuedEvents (0x000007fef3b0bf50) Stack Init fffff8801514fdd0 Current fffff8801514f180 Base fffff88015150000 Limit fffff8801514a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038cc080 Cid 02f0.02c0 Teb: 000007f6faab7000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80038d49c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15719569 Ticks: 21559 (0:00:05:36.322) Context Switch Count 309 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address audiosrv!EventWorkerThread (0x000007fef0fa1330) Stack Init fffff880154d3dd0 Current fffff880154d37a0 Base fffff880154d4000 Limit fffff880154ce000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038af8c0 Cid 02f0.02dc Teb: 000007f6fa986000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038ac380 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679441 Ticks: 61687 (0:00:16:02.323) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015504dd0 Current fffff88015504760 Base fffff88015505000 Limit fffff880154ff000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003934a80 Cid 02f0.038c Teb: 000007f6fa980000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039243e0 NotificationEvent fffffa8003912880 SynchronizationEvent fffffa8003946ae0 NotificationEvent fffffa8003939d80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 86 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015519dd0 Current fffff88015519180 Base fffff8801551a000 Limit fffff88015514000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003937100 Cid 02f0.03d0 Teb: 000007f6fa97c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80039243e0 NotificationEvent fffffa8003937b80 SynchronizationEvent fffffa80032b4ac0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15734019 Ticks: 7109 (0:00:01:50.901) Context Switch Count 131 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dhcpcore6!Dhcpv6Main (0x000007fef07fc110) Stack Init fffff88015557dd0 Current fffff88015557180 Base fffff88015558000 Limit fffff88015552000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039576c0 Cid 02f0.0194 Teb: 000007f6fa97a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa800393e750 NotificationEvent fffffa80039574a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11103 Ticks: 15730025 (2:20:09:49.962) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wcmsvc!CdeNotificationListenerThread (0x000007fef0ad97dc) Stack Init fffff880154b0dd0 Current fffff880154b0180 Base fffff880154b1000 Limit fffff880154ab000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800397f080 Cid 02f0.0404 Teb: 000007f6fa978000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa800392fa80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 188 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address Wlanapi!NotificationApcThreadProc (0x000007fef03bba00) Stack Init fffff8801559ddd0 Current fffff8801559d900 Base fffff8801559e000 Limit fffff88015598000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800397f700 Cid 02f0.0408 Teb: 000007f6fa976000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003938f90 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9576 Ticks: 15731552 (2:20:10:13.784) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wcmcsp!DisconnectCallback (0x000007fef07dc138) Stack Init fffff88015596dd0 Current fffff88015596900 Base fffff88015597000 Limit fffff88015591000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f84b00 Cid 02f0.07c8 Teb: 000007f6fa968000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003d83b50 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13655 Ticks: 15727473 (2:20:09:10.151) Context Switch Count 42 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880160cadd0 Current fffff880160ca900 Base fffff880160cb000 Limit fffff880160c5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800279d800 Cid 02f0.0b80 Teb: 000007f6fa96e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002778930 NotificationEvent fffffa8003ee48f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681386 Ticks: 59742 (0:00:15:31.981) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88015110dd0 Current fffff88015110180 Base fffff88015111000 Limit fffff8801510b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80037fa080 Cid 02f0.09ec Teb: 000007f6fa98c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002da9c70 SynchronizationEvent fffffa80036d3c70 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737922 Ticks: 3206 (0:00:00:50.013) Context Switch Count 364 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.031 Win32 Start Address wevtsvc!ProcessEventsThread (0x000007fef3b1d5ac) Stack Init fffff88015195dd0 Current fffff88015195180 Base fffff88015196000 Limit fffff88015190000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003988700 Cid 02f0.0738 Teb: 000007f6fa98a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80026241c0 SynchronizationEvent fffffa80018f7460 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727283 Ticks: 13845 (0:00:03:35.983) Context Switch Count 36 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wevtsvc!ProcessEventsThread (0x000007fef3b1d5ac) Stack Init fffff880151a3dd0 Current fffff880151a3180 Base fffff880151a4000 Limit fffff8801519e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f11080 Cid 02f0.0724 Teb: 000007f6fa98e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e05590 SynchronizationEvent fffffa8003dda840 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739381 Ticks: 1747 (0:00:00:27.253) Context Switch Count 96 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address wevtsvc!ProcessEventsThread (0x000007fef3b1d5ac) Stack Init fffff88015172dd0 Current fffff88015172180 Base fffff88015173000 Limit fffff8801516d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80039da080 Cid 02f0.09cc Teb: 000007f6fa96c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800339a7f0 SynchronizationEvent fffffa80030abac0 SynchronizationTimer fffffa80040b2f50 SynchronizationEvent fffffa800362da30 SynchronizationEvent fffffa8003e2d320 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679442 Ticks: 61686 (0:00:16:02.307) Context Switch Count 257 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wscsvc!CThirdPartyMonitoring::MonitoringThreadProcEntry (0x000007feecb6d438) Stack Init fffff88016470dd0 Current fffff88016470180 Base fffff88016471000 Limit fffff8801646b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003be9740 Cid 02f0.07f8 Teb: 000007f6fa96a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003e2b900 NotificationEvent fffffa8003f1c4d0 SynchronizationEvent fffffa80038f4cc0 SynchronizationEvent fffffa800265a460 SynchronizationEvent fffffa8003f336c0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733531 Ticks: 7597 (0:00:01:58.513) Context Switch Count 121 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address wscsvc!SystemMonitoringThreadProc (0x000007feecb64140) Stack Init fffff88014fb1dd0 Current fffff88014fb1180 Base fffff88014fb2000 Limit fffff88014fac000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038cdb00 Cid 02f0.0d94 Teb: 000007f6fa95e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject IRP List: fffffa8001ff9a60: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738520 Ticks: 2608 (0:00:00:40.685) Context Switch Count 2627 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016493dd0 Current fffff88016493760 Base fffff88016494000 Limit fffff8801648e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001c63080 Cid 02f0.0374 Teb: 000007f6fa97e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393e2a0 SynchronizationEvent fffffa800393dd00 SynchronizationEvent IRP List: fffffa8002e95b50: (0006,0118) Flags: 00060000 Mdl: fffffa8002770f40 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679156 Ticks: 61972 (0:00:16:06.769) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015542dd0 Current fffff88015542180 Base fffff88015543000 Limit fffff8801553d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800393cb00 Cid 02f0.0c64 Teb: 000007f6fa988000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393dc80 SynchronizationEvent fffffa800393dc00 SynchronizationEvent IRP List: fffffa8001e94790: (0006,0118) Flags: 00060000 Mdl: fffffa8001805f40 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679156 Ticks: 61972 (0:00:16:06.769) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address lmhsvc!CheckIPAddrWorkerRtn (0x000007fef0bc1544) Stack Init fffff88015463dd0 Current fffff88015463180 Base fffff88015464000 Limit fffff8801545e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f00840 Cid 02f0.0954 Teb: 000007f6fa972000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80019f46e0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680337 Ticks: 60791 (0:00:15:48.345) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address FunDisc!CNotificationQueue::ThreadProc (0x000007feec2654c0) Stack Init fffff880170d1dd0 Current fffff880170d1900 Base fffff880170d2000 Limit fffff880170cc000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002198080 Cid 02f0.0830 Teb: 000007f6faab9000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738520 Ticks: 2608 (0:00:00:40.685) Context Switch Count 281 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150b5dd0 Current fffff880150b5760 Base fffff880150b6000 Limit fffff880150b0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d4c700 Cid 02f0.02e8 Teb: 000007f6faabc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740464 Ticks: 664 (0:00:00:10.358) Context Switch Count 127 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017476dd0 Current fffff88017476760 Base fffff88017477000 Limit fffff88017471000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002e5c080 Cid 02f0.0cf4 Teb: 000007f6fa982000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 102 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162c4dd0 Current fffff880162c4760 Base fffff880162c5000 Limit fffff880162bf000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003ed49c0 Cid 02f0.0974 Teb: 000007f6fa970000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002cbe6c0 NotificationEvent fffffa8001eb5e80 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738061 Ticks: 3067 (0:00:00:47.845) Context Switch Count 125 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address dhcpcore6!Dhcpv6RenewThread (0x000007fef07f26cc) Stack Init fffff880165bbdd0 Current fffff880165bb180 Base fffff880165bc000 Limit fffff880165b6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80020eb080 Cid 02f0.0134 Teb: 000007f6fa966000 Win32Thread: 0000000000000000 WAIT: (WrAlertByThreadId) UserMode Non-Alertable 0000004034dad9c0 Unknown Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737866 Ticks: 3262 (0:00:00:50.887) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dhcpcore6!Dhcpv6FirewallExemptionThreadProc (0x000007fef07f1044) Stack Init fffff8801714fdd0 Current fffff8801714f970 Base fffff88017150000 Limit fffff8801714a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa80037ae940 SessionId: 0 Cid: 0314 Peb: 7f6fa949000 ParentCid: 0220 DirBase: 319e5000 ObjectTable: fffff8a0024fcf00 HandleCount: Image: svchost.exe VadRoot fffffa8003befd40 Vads 657 Clone 0 Private 6019. Modified 39442. Locked 69. DeviceMap fffff8a00000c340 Token fffff8a0024fd060 ElapsedTime 2 Days 20:10:53.342 UserTime 00:00:04.539 KernelTime 00:00:02.028 QuotaPoolUsage[PagedPool] 355128 QuotaPoolUsage[NonPagedPool] 109904 Working Set Sizes (now,min,max) (10940, 50, 345) (43760KB, 200KB, 1380KB) PeakWorkingSetSize 39122 VirtualSize 549 Mb PeakVirtualSize 567 Mb PageFaultCount 102768 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 8943 Setting context for this process... .process /p /r fffffa80037ae940 !peb PEB at 000007f6fa949000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000f273801990 . 000000f20d42bac0 Ldr.InLoadOrderModuleList: 000000f273801af0 . 000000f20d42baa0 Ldr.InMemoryOrderModuleList: 000000f273801b00 . 000000f20d42bab0 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef3a10000 50108785 Jul 26 00:55:49 2012 c:\windows\system32\profsvc.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 c:\windows\system32\USERENV.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef3da0000 501089ef Jul 26 01:06:07 2012 c:\windows\system32\SYSNTFY.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 c:\windows\system32\profapi.dll 7fef3870000 5010818f Jul 26 00:30:23 2012 C:\WINDOWS\SYSTEM32\profsvcext.dll 7fef3840000 501089b3 Jul 26 01:05:07 2012 C:\WINDOWS\system32\NTDSAPI.dll 7fef7d00000 50108a30 Jul 26 01:07:12 2012 C:\WINDOWS\system32\WLDAP32.dll 7fef3820000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\system32\NETAPI32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef3800000 5010a3e0 Jul 26 02:56:48 2012 C:\WINDOWS\system32\ATL.DLL 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\netutils.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\WINDOWS\system32\srvcli.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\system32\wkscli.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef37c0000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\DFSCLI.DLL 7fef4440000 50108a08 Jul 26 01:06:32 2012 C:\WINDOWS\system32\LOGONCLI.DLL 7fef38a0000 50108987 Jul 26 01:04:23 2012 c:\windows\system32\themeservice.dll 7fef38b0000 501087d7 Jul 26 00:57:11 2012 c:\windows\system32\gpsvc.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 c:\windows\system32\GPAPI.dll 7fef37a0000 505a9a6a Sep 20 05:24:10 2012 c:\windows\system32\nlaapi.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef3790000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\DSROLE.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef3550000 50108816 Jul 26 00:58:14 2012 c:\windows\system32\sens.dll 7fef0310000 5010834a Jul 26 00:37:46 2012 c:\windows\system32\shsvcs.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef4070000 50108a1d Jul 26 01:06:53 2012 c:\windows\system32\HID.DLL 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef01d0000 505a9864 Sep 20 05:15:32 2012 C:\WINDOWS\system32\FVEAPI.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll 7fef0080000 501089f7 Jul 26 01:06:15 2012 C:\WINDOWS\system32\FVECERTS.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef0090000 501080a2 Jul 26 00:26:26 2012 c:\windows\system32\schedsvc.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 c:\windows\system32\SspiCli.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 c:\windows\system32\AUTHZ.dll 7fef4080000 5010ac3a Jul 26 03:32:26 2012 c:\windows\system32\pcwum.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 c:\windows\system32\wevtapi.dll 7fef4920000 505a9abe Sep 20 05:25:34 2012 c:\windows\system32\UBPM.dll 7fef0070000 5010ac39 Jul 26 03:32:25 2012 c:\windows\system32\ktmw32.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 c:\windows\system32\XmlLite.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\system32\POWRPROF.dll 7feefa20000 505a973a Sep 20 05:10:34 2012 C:\Windows\System32\ProximityService.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\system32\FirewallAPI.dll 7fef03b0000 5063dc6b Sep 27 05:56:11 2012 C:\WINDOWS\system32\wlanapi.dll 7feef9f0000 50108222 Jul 26 00:32:50 2012 C:\WINDOWS\system32\ProximityCommon.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\MSWSOCK.dll 7fef07c0000 50108af1 Jul 26 01:10:25 2012 C:\WINDOWS\system32\WMICLNT.dll 7feef960000 5010816b Jul 26 00:29:47 2012 C:\WINDOWS\system32\taskcomp.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fef47e0000 50108985 Jul 26 01:04:21 2012 C:\WINDOWS\SYSTEM32\netjoin.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\PROPSYS.dll 7feeec10000 50108770 Jul 26 00:55:28 2012 c:\windows\system32\wbem\wmisvc.dll 7feeeae0000 5010880b Jul 26 00:58:03 2012 C:\WINDOWS\SYSTEM32\wbemcomn.dll 7feeea00000 501086a3 Jul 26 00:52:03 2012 c:\windows\system32\srvsvc.dll 7feee9d0000 501089bd Jul 26 01:05:17 2012 c:\windows\system32\browser.dll 7feee8e0000 501082bb Jul 26 00:35:23 2012 c:\windows\system32\iphlpsvc.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 c:\windows\system32\fwpuclnt.dll 7fef0f30000 50108a14 Jul 26 01:06:44 2012 c:\windows\system32\rtutils.dll 7feee8b0000 501087f6 Jul 26 00:57:42 2012 C:\WINDOWS\system32\httpprxm.dll 7feedfa0000 501089e2 Jul 26 01:05:54 2012 C:\WINDOWS\system32\SSCORE.DLL 7feedf90000 50108a0c Jul 26 01:06:36 2012 C:\WINDOWS\SYSTEM32\sscoreext.dll 7feedf70000 501089d8 Jul 26 01:05:44 2012 C:\WINDOWS\system32\mi.dll 7feedda0000 50108801 Jul 26 00:57:53 2012 C:\WINDOWS\system32\miutils.dll 7feedfb0000 501085a4 Jul 26 00:47:48 2012 C:\WINDOWS\system32\adhsvc.dll 7feede90000 501087fc Jul 26 00:57:48 2012 C:\WINDOWS\system32\wmidcom.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\system32\DPAPI.DLL 7feede60000 5010872e Jul 26 00:54:22 2012 C:\WINDOWS\system32\ncbservice.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\system32\WINHTTP.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7feedf20000 5010abc3 Jul 26 03:30:27 2012 C:\WINDOWS\SYSTEM32\bi.dll 7feeded0000 501081fc Jul 26 00:32:12 2012 C:\WINDOWS\system32\ACTIVEDS.dll 7feedcc0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\adsldpc.dll 7feefa60000 50109e21 Jul 26 02:32:17 2012 C:\WINDOWS\system32\sqmapi.dll 7feedd00000 5010a1bd Jul 26 02:47:41 2012 C:\WINDOWS\system32\RESUTILS.DLL 7feedc60000 5010960c Jul 26 01:57:48 2012 C:\WINDOWS\system32\CLUSAPI.dll 7fef4790000 50108a04 Jul 26 01:06:28 2012 C:\WINDOWS\system32\cryptdll.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\system32\DNSAPI.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll 7fef40c0000 501089e6 Jul 26 01:05:58 2012 c:\windows\system32\devrtl.DLL 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7fef34c0000 501098cf Jul 26 02:09:35 2012 C:\WINDOWS\system32\WDSCORE.dll 7feed330000 501086f9 Jul 26 00:53:29 2012 C:\WINDOWS\system32\NCI.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\system32\SECUR32.DLL 7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\WINDOWS\system32\slc.dll 7feec150000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\system32\cscapi.dll 7feefad0000 505a9581 Sep 20 05:03:13 2012 C:\WINDOWS\system32\VSSAPI.DLL 7feefab0000 505a99e6 Sep 20 05:21:58 2012 C:\WINDOWS\system32\VssTrace.DLL 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\system32\samcli.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\system32\SAMLIB.dll 7feebdd0000 50108782 Jul 26 00:55:46 2012 C:\WINDOWS\system32\wbem\wbemcore.dll 7feebd60000 501087c9 Jul 26 00:56:57 2012 C:\WINDOWS\system32\wbem\esscli.dll 7feebc60000 501087eb Jul 26 00:57:31 2012 C:\WINDOWS\system32\wbem\FastProx.dll 7feed210000 50108822 Jul 26 00:58:26 2012 C:\WINDOWS\system32\wshbth.dll 7feec2b0000 5010a97e Jul 26 03:20:46 2012 C:\WINDOWS\System32\winrnr.dll 7feec290000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\system32\pnrpnsp.dll 7feec0b0000 5010a94b Jul 26 03:19:55 2012 C:\WINDOWS\system32\napinsp.dll 7fef1f50000 501089e9 Jul 26 01:06:01 2012 C:\WINDOWS\system32\wbem\wbemsvc.dll 7fef1ed0000 501087f4 Jul 26 00:57:40 2012 C:\WINDOWS\system32\wbem\wmiutils.dll 7feed260000 501087c6 Jul 26 00:56:54 2012 C:\WINDOWS\system32\wbem\repdrvfs.dll 7feebfe0000 505a992d Sep 20 05:18:53 2012 C:\WINDOWS\system32\webio.dll 7feeb520000 50108796 Jul 26 00:56:06 2012 C:\WINDOWS\system32\wbem\wmiprvsd.dll 7feed240000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\SYSTEM32\NCObjAPI.DLL 7feeb4a0000 5010870e Jul 26 00:53:50 2012 C:\WINDOWS\system32\wbem\wbemess.dll 7feeaf60000 50108735 Jul 26 00:54:29 2012 C:\WINDOWS\system32\wbem\ncprov.dll 7feed130000 50108cd4 Jul 26 01:18:28 2012 c:\windows\system32\qmgr.dll 7feedb70000 501089fd Jul 26 01:06:21 2012 c:\windows\system32\bitsperf.dll 7feed110000 5010a626 Jul 26 03:06:30 2012 C:\WINDOWS\system32\bitsigd.dll 7fef1d20000 5010a00e Jul 26 02:40:30 2012 C:\WINDOWS\system32\upnp.dll 7feeef00000 5010a92b Jul 26 03:19:23 2012 C:\WINDOWS\system32\SSDPAPI.dll 7feeb010000 50108abe Jul 26 01:09:34 2012 C:\WINDOWS\system32\dssenh.dll 7feeaf80000 5010a974 Jul 26 03:20:36 2012 c:\windows\system32\appinfo.dll 7fef3060000 505a9aeb Sep 20 05:26:19 2012 c:\windows\system32\systemeventsbrokerserver.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\system32\ncrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\system32\NTASN1.dll 7feeab50000 50108a14 Jul 26 01:06:44 2012 C:\Windows\System32\cryptnet.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7fef2660000 501089f9 Jul 26 01:06:17 2012 C:\WINDOWS\system32\TimeBrokerClient.dll 7fef2fa0000 5010a9c6 Jul 26 03:21:58 2012 C:\WINDOWS\system32\ElsLad.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\system32\Bcp47Langs.dll 7fef1bd0000 50107fa1 Jul 26 00:22:09 2012 C:\WINDOWS\system32\hnetcfg.dll 7fef48a0000 5010a9b5 Jul 26 03:21:41 2012 C:\WINDOWS\system32\SPINF.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7fef21b0000 5010a6ed Jul 26 03:09:49 2012 C:\Windows\System32\qmgrprxy.dll 7feefcc0000 50108aeb Jul 26 01:10:19 2012 C:\WINDOWS\system32\MPR.dll 7fee8da0000 505a95bd Sep 20 05:04:13 2012 c:\windows\system32\wuaueng.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 c:\windows\system32\ESENT.dll 7feeb5f0000 501081fa Jul 26 00:32:10 2012 c:\windows\system32\WINSPOOL.DRV 7fef3d90000 5010a98e Jul 26 03:21:02 2012 c:\windows\system32\WMsgAPI.dll 7feec170000 501089f6 Jul 26 01:06:14 2012 c:\windows\system32\Cabinet.dll 7fef0f00000 501089f7 Jul 26 01:06:15 2012 c:\windows\system32\mspatcha.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 c:\windows\system32\VERSION.dll 7feef950000 501089d7 Jul 26 01:05:43 2012 C:\WINDOWS\SYSTEM32\wcmapi.dll 7fef3320000 50108655 Jul 26 00:50:45 2012 C:\Windows\System32\taskschd.dll 7feed650000 501081cc Jul 26 00:31:24 2012 C:\WINDOWS\SYSTEM32\wer.dll 7feea490000 501099c5 Jul 26 02:13:41 2012 C:\WINDOWS\system32\RasApi32.dll 7feecb80000 501089b8 Jul 26 01:05:12 2012 C:\WINDOWS\system32\rasman.dll 7feed3a0000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\webservices.dll 7fee7b90000 50109c5d Jul 26 02:24:45 2012 C:\WINDOWS\SYSTEM32\msi.dll 7fef10f0000 50109e1d Jul 26 02:32:13 2012 C:\WINDOWS\SYSTEM32\advpack.dll 7fef7ce0000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\imagehlp.dll 7fee8b80000 505ab0bd Sep 20 06:59:25 2012 c:\windows\system32\aelupsvc.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 c:\windows\system32\apphelp.dll 7fef0e10000 501086e3 Jul 26 00:53:07 2012 C:\Windows\System32\AppXDeploymentClient.dll 7feec370000 5010a4f2 Jul 26 03:01:22 2012 C:\Windows\System32\Windows.ApplicationModel.dll 7fee8b50000 505a93f3 Sep 20 04:56:35 2012 C:\Windows\System32\storewuauth.dll 7fee8b10000 505a942e Sep 20 04:57:34 2012 C:\Windows\System32\WSClient.dll 7fee86c0000 505a91ee Sep 20 04:47:58 2012 C:\Windows\System32\WSShared.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\Windows\System32\TWINAPI.dll 7fee8690000 505a97a0 Sep 20 05:12:16 2012 C:\Windows\System32\WSSync.dll 7fef2e40000 5010a2a5 Jul 26 02:51:33 2012 C:\Windows\System32\elscore.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\Windows\System32\iertutil.dll SubSystemData: 0000000000000000 ProcessHeap: 000000f273800000 ProcessParameters: 000000f273801170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k netsvcs' DllPath: '< Name not readable >' Environment: 000000f273800860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa80037a59c0 Cid 0314.0318 Teb: 000007f6fa94e000 Win32Thread: fffff90100655b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037c57b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720336 Ticks: 20792 (0:00:05:24.357) Context Switch Count 758 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88015164dd0 Current fffff88015164900 Base fffff88015165000 Limit fffff8801515f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80037c27c0 Cid 0314.031c Teb: 000007f6fa94c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003db8490 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11923 Ticks: 15729205 (2:20:09:37.170) Context Switch Count 73 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015179dd0 Current fffff88015179900 Base fffff8801517a000 Limit fffff88015174000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80037c0a00 Cid 0314.0328 Teb: 000007f6fa945000 Win32Thread: fffff90100659b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037a9a60 NotificationEvent fffffa80037b4f50 SynchronizationEvent fffffa80037a99e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 7999 Ticks: 15733129 (2:20:10:38.385) Context Switch Count 92 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015187dd0 Current fffff88015187180 Base fffff88015188000 Limit fffff88015182000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80037cc700 Cid 0314.032c Teb: 000007f6fa943000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80037ccaa8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738889 Ticks: 2239 (0:00:00:34.928) Context Switch Count 400 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff8801518edd0 Current fffff8801518e7a0 Base fffff8801518f000 Limit fffff88015189000 Call 0 Priority 9 BasePriority 8 UnusualBoost 1 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80037f1b00 Cid 0314.0348 Teb: 000007f6fa81e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800319fb60 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739118 Ticks: 2010 (0:00:00:31.356) Context Switch Count 63 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880151aadd0 Current fffff880151aa0f0 Base fffff880151ab000 Limit fffff880151a5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003975b00 Cid 0314.0260 Teb: 000007f6fa818000 Win32Thread: fffff901006d7710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003955820 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 192 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff8801558fdd0 Current fffff8801558f900 Base fffff88015590000 Limit fffff8801558a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800398a080 Cid 0314.0418 Teb: 000007f6fa816000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002eddee0 SynchronizationEvent fffffa8003958640 SynchronizationEvent fffffa8003b60fe0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679223 Ticks: 61905 (0:00:16:05.724) Context Switch Count 643 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.093 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880154ccdd0 Current fffff880154cc180 Base fffff880154cd000 Limit fffff880154c7000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039f7080 Cid 0314.0480 Teb: 000007f6fa804000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b0b740 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740821 Ticks: 307 (0:00:00:04.789) Context Switch Count 65 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e5add0 Current fffff88014e5a760 Base fffff88014e5b000 Limit fffff88014e55000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80039fbb00 Cid 0314.0484 Teb: 000007f6fa802000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b39ba0 SynchronizationEvent fffffa8003b3bfe0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679246 Ticks: 61882 (0:00:16:05.365) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address schedsvc!CSessionMgr::StartJobsCallback (0x000007fef00c3788) Stack Init fffff88015588dd0 Current fffff88015588180 Base fffff88015589000 Limit fffff88015583000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b0b9c0 Cid 0314.0488 Teb: 000007f6fa800000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b58db0 SynchronizationEvent fffffa8003b38cd0 SynchronizationEvent fffffa8003b48be0 SynchronizationEvent fffffa8003b589e0 SynchronizationTimer fffffa8003b58840 SynchronizationTimer IRP List: fffffa8003b3c010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10689 Ticks: 15730439 (2:20:09:56.421) Context Switch Count 20 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskcomp!CompatibilityAdapter::MonitorThread (0x000007feef961c00) Stack Init fffff88014e0ddd0 Current fffff88014e0d180 Base fffff88014e0e000 Limit fffff88014e08000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bad700 Cid 0314.05cc Teb: 000007f6fa814000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bbd520 NotificationEvent fffffa8003bb5ca0 SynchronizationEvent fffffa8003ba3200 SynchronizationEvent fffffa8003beda78 NotificationEvent IRP List: fffffa8003d85010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738812 Ticks: 2316 (0:00:00:36.129) Context Switch Count 88 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014f4fdd0 Current fffff88014f4f180 Base fffff88014f50000 Limit fffff88014f4a000 Call 0 Priority 10 BasePriority 10 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003bbf900 Cid 0314.0620 Teb: 000007f6fa7fc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003db6c10 SynchronizationEvent fffffa80030912b0 SynchronizationEvent fffffa8003f9c920 SynchronizationEvent fffffa8003e3dd50 SynchronizationEvent fffffa8003fa2630 SynchronizationEvent fffffa8004035530 SynchronizationEvent fffffa8003f48a70 SynchronizationEvent fffffa8003fb0620 SynchronizationEvent fffffa8003dc0490 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727890 Ticks: 13238 (0:00:03:26.514) Context Switch Count 699 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014fcddd0 Current fffff88014fcd180 Base fffff88014fce000 Limit fffff88014fc8000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bd4080 Cid 0314.06a8 Teb: 000007f6fa7f8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003daa960 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11923 Ticks: 15729205 (2:20:09:37.170) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SSCORE!ShareNotificationsThreadProc (0x000007feedfa1824) Stack Init fffff88015e99dd0 Current fffff88015e99900 Base fffff88015e9a000 Limit fffff88015e94000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bcf700 Cid 0314.06ac Teb: 000007f6fa7f6000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dcaf80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679964 Ticks: 61164 (0:00:15:54.164) Context Switch Count 163 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155dcdd0 Current fffff880155dc760 Base fffff880155dd000 Limit fffff880155d7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bd8700 Cid 0314.06b4 Teb: 000007f6fa7f2000 Win32Thread: fffff90100671290 WAIT: (WrQueue) UserMode Alertable fffffa8003dcaf80 QueueObject IRP List: fffffa800413a9f0: (0006,01f0) Flags: 00060000 Mdl: fffffa8002620e70 fffffa8002c48a10: (0006,01f0) Flags: 00060000 Mdl: fffffa800274a290 fffffa8002c4e240: (0006,01f0) Flags: 00060000 Mdl: fffffa800189fc30 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 1340 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ea7dd0 Current fffff88015ea7760 Base fffff88015ea8000 Limit fffff88015ea2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003bd4b00 Cid 0314.06b8 Teb: 000007f6fa7f0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b741b0 SynchronizationEvent fffffa8003db11b0 SynchronizationEvent fffffa8003e0e9c0 SynchronizationEvent fffffa8003dba320 SynchronizationEvent fffffa8003dba1d0 SynchronizationEvent fffffa8003e685b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15693330 Ticks: 47798 (0:00:12:25.653) Context Switch Count 1428 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address httpprxm!ProxyMgrRegListenForProxySettingsChange (0x000007feee8c0e68) Stack Init fffff88015eaedd0 Current fffff88015eae180 Base fffff88015eaf000 Limit fffff88015ea9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e55940 Cid 0314.06dc Teb: 000007f6fa7ea000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ddce60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12499 Ticks: 15728629 (2:20:09:28.184) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88003dd8dd0 Current fffff88003dd8900 Base fffff88003dd9000 Limit fffff88003dd3000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea0b00 Cid 0314.07a8 Teb: 000007f6fa7e0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003f24aa0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12917 Ticks: 15728211 (2:20:09:21.664) Context Switch Count 24 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ffedd0 Current fffff88015ffe900 Base fffff88015fff000 Limit fffff88015ff9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003df8080 Cid 0314.05c8 Teb: 000007f6fa7c6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003f93530 Semaphore Limit 0x7fffffff fffffa8003f76d40 NotificationEvent fffffa80039cc2f0 NotificationEvent IRP List: fffffa8002cf3e10: (0006,01f0) Flags: 00060070 Mdl: 00000000 fffffa80033c7660: (0006,01f0) Flags: 00060030 Mdl: fffffa80021ac780 fffffa80033f2610: (0006,01f0) Flags: 00060070 Mdl: 00000000 fffffa80020fccd0: (0006,01f0) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727019 Ticks: 14109 (0:00:03:40.101) Context Switch Count 89 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88016187dd0 Current fffff88016187180 Base fffff88016188000 Limit fffff88016182000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003fa9b00 Cid 0314.04a0 Teb: 000007f6fa7be000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003f93530 Semaphore Limit 0x7fffffff fffffa8003f76d40 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727032 Ticks: 14096 (0:00:03:39.899) Context Switch Count 24 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8801621bdd0 Current fffff8801621b180 Base fffff8801621c000 Limit fffff88016216000 Call 0 Priority 10 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003836b00 Cid 0314.0898 Teb: 000007f6fa7bc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f47c60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 14273 Ticks: 15726855 (2:20:09:00.510) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88015429dd0 Current fffff88015429900 Base fffff8801542a000 Limit fffff88015424000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80018a5b00 Cid 0314.0a1c Teb: 000007f6fa7a4000 Win32Thread: fffff901006a9820 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003798d00 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736660 Ticks: 4468 (0:00:01:09.701) Context Switch Count 148 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff8801607ddd0 Current fffff8801607d5f0 Base fffff8801607e000 Limit fffff88016078000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80037d0b00 Cid 0314.0a2c Teb: 000007f6fa7a2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80036216b0 NotificationEvent fffffa80017d6f20 NotificationEvent IRP List: fffffa80031d0c80: (0006,01f0) Flags: 00060800 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15884 Ticks: 15725244 (2:20:08:35.378) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ncprov!CNCProvider::ConnectThreadProc (0x000007feeaf651dc) Stack Init fffff880163ebdd0 Current fffff880163eb180 Base fffff880163ec000 Limit fffff880163e6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800261ab00 Cid 0314.0a30 Teb: 000007f6fa7a0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800371d200 NotificationEvent fffffa8003fe9850 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15884 Ticks: 15725244 (2:20:08:35.378) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address NCObjAPI!CNamedPipeClient::ProviderReadyThreadProc (0x000007feed241470) Stack Init fffff8800316cdd0 Current fffff8800316c180 Base fffff8800316d000 Limit fffff88003167000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002624900 Cid 0314.0a34 Teb: 000007f6fa79e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037cac10 NotificationEvent fffffa80040559b0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15884 Ticks: 15725244 (2:20:08:35.378) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address NCObjAPI!CNamedPipeClient::ProviderReadyThreadProc (0x000007feed241470) Stack Init fffff88003173dd0 Current fffff88003173180 Base fffff88003174000 Limit fffff8800316e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003676080 Cid 0314.099c Teb: 000007f6fa812000 Win32Thread: fffff90100697950 WAIT: (UserRequest) UserMode Alertable fffffa80038ce280 SynchronizationTimer fffffa80038165f0 NotificationEvent fffffa80031e7a30 SynchronizationEvent IRP List: fffffa8003f07e10: (0006,01f0) Flags: 00060030 Mdl: 00000000 fffffa8003900d80: (0006,01f0) Flags: 00060030 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720270 Ticks: 20858 (0:00:05:25.386) Context Switch Count 5927 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.156 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88003181dd0 Current fffff88003181180 Base fffff88003182000 Limit fffff8800317c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001e11080 Cid 0314.0420 Teb: 000007f6fa80c000 Win32Thread: fffff901006f8710 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737701 Ticks: 3427 (0:00:00:53.461) Context Switch Count 2697 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.265 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015f72dd0 Current fffff88015f72760 Base fffff88015f73000 Limit fffff88015f6d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80037fab00 Cid 0314.0d10 Teb: 000007f6fa806000 Win32Thread: fffff9010066fb90 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject IRP List: fffffa8002d0f260: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741031 Ticks: 97 (0:00:00:01.513) Context Switch Count 8797 IdealProcessor: 0 UserTime 00:00:01.310 KernelTime 00:00:00.577 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150dfdd0 Current fffff880150df760 Base fffff880150e0000 Limit fffff880150da000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8004048080 Cid 0314.04b8 Teb: 000007f6fa7e6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002187550 SynchronizationEvent fffffa8001f05860 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737670 Ticks: 3458 (0:00:00:53.945) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017525dd0 Current fffff88017525180 Base fffff88017526000 Limit fffff88017520000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80020a4b00 Cid 0314.0bec Teb: 000007f6fa7dc000 Win32Thread: fffff901006e5710 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740262 Ticks: 866 (0:00:00:13.509) Context Switch Count 1061 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016596dd0 Current fffff88016596760 Base fffff88016597000 Limit fffff88016591000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001dcb080 Cid 0314.0ae4 Teb: 000007f6fa7ba000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038b30c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679787 Ticks: 61341 (0:00:15:56.925) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880163f9dd0 Current fffff880163f9760 Base fffff880163fa000 Limit fffff880163f4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cff080 Cid 0314.0298 Teb: 000007f6fa7c8000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8001cff428 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a000a23170 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680365 Ticks: 60763 (0:00:15:47.908) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SSDPAPI!GetNotificationLoop (0x000007feeef05c38) Stack Init fffff8801756bdd0 Current fffff8801756b660 Base fffff8801756c000 Limit fffff88017566000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002d8c080 Cid 0314.0bbc Teb: 000007f6fa94a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003253610 SynchronizationEvent fffffa8003782a30 NotificationEvent fffffa8003f099f0 SynchronizationEvent IRP List: fffffa80018966f0: (0006,01f0) Flags: 00040030 Mdl: 00000000 fffffa8002dd4210: (0006,01f0) Flags: 00040030 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739276 Ticks: 1852 (0:00:00:28.891) Context Switch Count 286 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.046 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880171cbdd0 Current fffff880171cb180 Base fffff880171cc000 Limit fffff880171c6000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 THREAD fffffa8001cd4080 Cid 0314.0ce4 Teb: 000007f6fa947000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037a8250 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15717753 Ticks: 23375 (0:00:06:04.652) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88016110dd0 Current fffff88016110900 Base fffff88016111000 Limit fffff8801610b000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e76080 Cid 0314.0c68 Teb: 000007f6fa81c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001ccea80 SynchronizationEvent fffffa8002d31cc0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15717492 Ticks: 23636 (0:00:06:08.723) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff8801546add0 Current fffff8801546a180 Base fffff8801546b000 Limit fffff88015465000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800360fb00 Cid 0314.08a4 Teb: 000007f6fa81a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8001c94e40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733523 Ticks: 7605 (0:00:01:58.638) Context Switch Count 222 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880171eedd0 Current fffff880171ee7a0 Base fffff880171ef000 Limit fffff880171e9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002d2ab00 Cid 0314.0adc Teb: 000007f6fa7fe000 Win32Thread: fffff901006f2010 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa8001ed4250 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739276 Ticks: 1852 (0:00:00:28.891) Context Switch Count 6051 IdealProcessor: 0 UserTime 00:00:00.296 KernelTime 00:00:02.776 Win32 Start Address wuaueng!CWorkItemManager::ExecuteWorkItemWrapper (0x000007fee8da1de0) Stack Init fffff88015f80dd0 Current fffff88015f80180 Base fffff88015f81000 Limit fffff88015f7b000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 THREAD fffffa80040265c0 Cid 0314.0a44 Teb: 000007f6fa7fa000 Win32Thread: fffff901006fe5a0 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa80033fee50 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733525 Ticks: 7603 (0:00:01:58.607) Context Switch Count 5581 IdealProcessor: 0 UserTime 00:00:01.482 KernelTime 00:00:00.592 Win32 Start Address wuaueng!CWorkItemManager::ExecuteWorkItemWrapper (0x000007fee8da1de0) Stack Init fffff880171a3dd0 Current fffff880171a3180 Base fffff880171a4000 Limit fffff8801719e000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Kernel stack not resident. THREAD fffffa8003f51b00 Cid 0314.0414 Teb: 000007f6fa810000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa8001ec8bd0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739276 Ticks: 1852 (0:00:00:28.891) Context Switch Count 194 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address wuaueng!CWorkItemManager::ExecuteWorkItemWrapper (0x000007fee8da1de0) Stack Init fffff88017371dd0 Current fffff88017371180 Base fffff88017372000 Limit fffff8801736c000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 THREAD fffffa8002053b00 Cid 0314.0780 Teb: 000007f6fa7e8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80031a7180 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15718905 Ticks: 22223 (0:00:05:46.681) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017515dd0 Current fffff88017515760 Base fffff88017516000 Limit fffff88017510000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002cc9240 Cid 0314.049c Teb: 000007f6fa7de000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa8003794150 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15722755 Ticks: 18373 (0:00:04:46.620) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address wuaueng!CWorkItemManager::ExecuteWorkItemWrapper (0x000007fee8da1de0) Stack Init fffff88014e7ddd0 Current fffff88014e7d180 Base fffff88014e7e000 Limit fffff88014e78000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Kernel stack not resident. THREAD fffffa8002d3c300 Cid 0314.0e68 Teb: 000007f6fa7d8000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002d3c6a8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720344 Ticks: 20784 (0:00:05:24.232) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address aelupsvc!AhcpProcessLPCCalls (0x000007fee8b810f0) Stack Init fffff8801511edd0 Current fffff8801511e750 Base fffff8801511f000 Limit fffff88015119000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002d80240 Cid 0314.076c Teb: 000007f6fa7da000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800361db00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720345 Ticks: 20783 (0:00:05:24.216) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150f4dd0 Current fffff880150f4760 Base fffff880150f5000 Limit fffff880150ef000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800365a980 Cid 0314.0a60 Teb: 000007f6fa80a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741031 Ticks: 97 (0:00:00:01.513) Context Switch Count 75 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801519cdd0 Current fffff8801519c760 Base fffff8801519d000 Limit fffff88015197000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002105680 Cid 0314.0fc4 Teb: 000007f6fa80e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d59110 Semaphore Limit 0x7fffffff fffffa800319ccd0 Mutant - owning thread 0 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739275 Ticks: 1853 (0:00:00:28.906) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address qmgr!TaskScheduler::WorkGroupWorkerThunk (0x000007feed178004) Stack Init fffff88015422dd0 Current fffff88015421ee0 Base fffff88015423000 Limit fffff8801541d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa80037e9940 SessionId: 0 Cid: 0360 Peb: 7f6fa7ef000 ParentCid: 0220 DirBase: 332b5000 ObjectTable: fffff8a002536040 HandleCount: Image: svchost.exe VadRoot fffffa8003f0a880 Vads 163 Clone 0 Private 1535. Modified 327. Locked 115. DeviceMap fffff8a002487200 Token fffff8a0024f5630 ElapsedTime 2 Days 20:10:48.462 UserTime 00:00:00.405 KernelTime 00:00:00.592 QuotaPoolUsage[PagedPool] 207056 QuotaPoolUsage[NonPagedPool] 38400 Working Set Sizes (now,min,max) (4072, 50, 345) (16288KB, 200KB, 1380KB) PeakWorkingSetSize 4211 VirtualSize 101 Mb PeakVirtualSize 109 Mb PageFaultCount 7783 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1993 Setting context for this process... .process /p /r fffffa80037e9940 !peb PEB at 000007f6fa7ef000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000002b50781a30 . 0000002b53018d90 Ldr.InLoadOrderModuleList: 0000002b50781b90 . 0000002b53018d70 Ldr.InMemoryOrderModuleList: 0000002b50781ba0 . 0000002b53018d80 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef3570000 50108647 Jul 26 00:50:31 2012 c:\windows\system32\es.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef1250000 50108a2f Jul 26 01:07:11 2012 c:\windows\system32\fntcache.dll 7fef0bb0000 50108aa7 Jul 26 01:09:11 2012 c:\windows\system32\nsisvc.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 c:\windows\system32\winhttp.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL 7feedc00000 5010883e Jul 26 00:58:54 2012 c:\windows\system32\wdi.dll 7feedb80000 501087e2 Jul 26 00:57:22 2012 c:\windows\system32\netprofmsvc.dll 7fef37a0000 505a9a6a Sep 20 05:24:10 2012 c:\windows\system32\nlaapi.dll 7feeda30000 501087af Jul 26 00:56:31 2012 c:\windows\system32\bthserv.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 c:\windows\system32\profapi.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\system32\DNSAPI.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL 7feed6f0000 50108406 Jul 26 00:40:54 2012 C:\WINDOWS\system32\perftrack.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7feed650000 501081cc Jul 26 00:31:24 2012 C:\WINDOWS\system32\wer.dll 7feef420000 50109db5 Jul 26 02:30:29 2012 C:\WINDOWS\system32\AEPIC.dll 7fef4080000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\system32\pcwum.dll 7feeef30000 5010a9de Jul 26 03:22:22 2012 C:\WINDOWS\system32\sfc_os.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\WINDOWS\system32\VERSION.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef45e0000 5010893a Jul 26 01:03:06 2012 C:\WINDOWS\system32\msv1_0.DLL 7fef4790000 50108a04 Jul 26 01:06:28 2012 C:\WINDOWS\system32\cryptdll.dll 7feed5c0000 50108269 Jul 26 00:34:01 2012 c:\windows\system32\fdphost.dll 7feed590000 5010855e Jul 26 00:46:38 2012 C:\Windows\System32\fdwsd.dll 7feed4f0000 50108576 Jul 26 00:47:02 2012 C:\Windows\System32\wsdapi.dll 7feed3a0000 50108b7f Jul 26 01:12:47 2012 C:\Windows\System32\webservices.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\Windows\System32\FirewallAPI.dll 7feec240000 5010877d Jul 26 00:55:41 2012 C:\Windows\System32\fdssdp.dll 7feeef00000 5010a92b Jul 26 03:19:23 2012 C:\Windows\System32\SSDPAPI.dll 7feed310000 501088aa Jul 26 01:00:42 2012 C:\Windows\System32\fdproxy.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7feebfe0000 505a992d Sep 20 05:18:53 2012 C:\WINDOWS\system32\webio.dll 7feec260000 5010879e Jul 26 00:56:14 2012 C:\Windows\System32\FunDisc.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\propsys.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll SubSystemData: 0000000000000000 ProcessHeap: 0000002b50780000 ProcessParameters: 0000002b50781200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k LocalService' DllPath: '< Name not readable >' Environment: 0000002b50780860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa80037a2b00 Cid 0360.0364 Teb: 000007f6fa7ed000 Win32Thread: fffff90100659290 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037d9820 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 70 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880151bfdd0 Current fffff880151bf900 Base fffff880151c0000 Limit fffff880151ba000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003812080 Cid 0360.0378 Teb: 000007f6fa7e3000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d3b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15690529 Ticks: 50599 (0:00:13:09.349) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880151c6dd0 Current fffff880151c6760 Base fffff880151c7000 Limit fffff880151c1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800389e080 Cid 0360.0138 Teb: 000007f6fa6be000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80038a07a0 NotificationEvent fffffa80038aa500 SynchronizationEvent fffffa800389e600 NotificationEvent fffffa80038a91a8 NotificationEvent IRP List: fffffa800389cc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 8883 Ticks: 15732245 (2:20:10:24.594) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address fntcache!SystemFontCollectionMonitor::ThreadProc (0x000007fef12a3b00) Stack Init fffff8801549bdd0 Current fffff8801549b180 Base fffff8801549c000 Limit fffff88015496000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800389fb00 Cid 0360.0144 Teb: 000007f6fa6bc000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa800389fea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737843 Ticks: 3285 (0:00:00:51.246) Context Switch Count 349 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address fntcache!FontCacheServiceInstance::IpcThreadProc (0x000007fef12a48fc) Stack Init fffff88015494dd0 Current fffff88015494750 Base fffff88015495000 Limit fffff8801548f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003d8d7c0 Cid 0360.0658 Teb: 000007f6fa6b8000 Win32Thread: fffff90100691710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800364ee80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15735040 Ticks: 6088 (0:00:01:34.973) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address es!Notifier::NotifyThread::ThreadMain (0x000007fef35a06d0) Stack Init fffff88015e5add0 Current fffff88015e5a900 Base fffff88015e5b000 Limit fffff88015e55000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e8bb00 Cid 0360.0760 Teb: 000007f6fa6b2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e0ea40 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12613 Ticks: 15728515 (2:20:09:26.406) Context Switch Count 9 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015f9cdd0 Current fffff88015f9c900 Base fffff88015f9d000 Limit fffff88015f97000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea4080 Cid 0360.0774 Teb: 000007f6fa6b0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003df5b50 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12800 Ticks: 15728328 (2:20:09:23.489) Context Switch Count 57 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015fc6dd0 Current fffff88015fc6900 Base fffff88015fc7000 Limit fffff88015fc1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ec02c0 Cid 0360.07c0 Teb: 000007f6fa6ae000 Win32Thread: fffff901006a3b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80030bf470 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12914 Ticks: 15728214 (2:20:09:21.710) Context Switch Count 58 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!NetProfileManStartStopThread (0x000007feedb96d5c) Stack Init fffff88016022dd0 Current fffff88016022900 Base fffff88016023000 Limit fffff8801601d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ee6b00 Cid 0360.07d8 Teb: 000007f6fa6a8000 Win32Thread: fffff9010069f610 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003eea260 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679963 Ticks: 61165 (0:00:15:54.180) Context Switch Count 586 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::EventMgrThreadProc (0x000007feedb859ec) Stack Init fffff88016029dd0 Current fffff880160295f0 Base fffff8801602a000 Limit fffff88016024000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f02b00 Cid 0360.0424 Teb: 000007f6fa6a6000 Win32Thread: fffff901006abb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc7ca0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15732248 Ticks: 8880 (0:00:02:18.528) Context Switch Count 364 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::IpHlpEventMgrThreadProc (0x000007feedb86564) Stack Init fffff880160a7dd0 Current fffff880160a7900 Base fffff880160a8000 Limit fffff880160a2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e01080 Cid 0360.0498 Teb: 000007f6fa6a4000 Win32Thread: fffff901006a5290 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003eea150 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679963 Ticks: 61165 (0:00:15:54.180) Context Switch Count 58 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::NetworkEventAggregatorThreadProc (0x000007feedb85f9c) Stack Init fffff880160aedd0 Current fffff880160ae900 Base fffff880160af000 Limit fffff880160a9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e01700 Cid 0360.04a4 Teb: 000007f6fa6a2000 Win32Thread: fffff901006a5710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f029f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738591 Ticks: 2537 (0:00:00:39.577) Context Switch Count 83 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::FirewallEventMgrThreadProc (0x000007feedb94274) Stack Init fffff880160b5dd0 Current fffff880160b5900 Base fffff880160b6000 Limit fffff880160b0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003f19b00 Cid 0360.0548 Teb: 000007f6fa69c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003ef53f0 NotificationEvent fffffa8003ef5200 SynchronizationTimer Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12800 Ticks: 15728328 (2:20:09:23.489) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address bthserv!BthServAsyncThread (0x000007feeda358dc) Stack Init fffff880160d8dd0 Current fffff880160d8180 Base fffff880160d9000 Limit fffff880160d3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f4bb00 Cid 0360.04ac Teb: 000007f6fa69e000 Win32Thread: fffff901006ab710 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003f49f60 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679441 Ticks: 61687 (0:00:16:02.323) Context Switch Count 753 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::EventWorkerThreadProc (0x000007feedb896d0) Stack Init fffff88016164dd0 Current fffff880161645f0 Base fffff88016165000 Limit fffff8801615f000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001d58080 Cid 0360.0ae0 Teb: 000007f6fa6b4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800374e740 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15734670 Ticks: 6458 (0:00:01:40.745) Context Switch Count 36 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address es!TransientSubChecker::CheckerThread::ThreadMain (0x000007fef359f270) Stack Init fffff8801604cdd0 Current fffff8801604c900 Base fffff8801604d000 Limit fffff88016047000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001f2b080 Cid 0360.03c0 Teb: 000007f6fa694000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80039e0bc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679738 Ticks: 61390 (0:00:15:57.690) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161fedd0 Current fffff880161fe760 Base fffff880161ff000 Limit fffff880161f9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800400b080 Cid 0360.0934 Teb: 000007f6fa67e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003868500 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679686 Ticks: 61442 (0:00:15:58.501) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801750edd0 Current fffff8801750e760 Base fffff8801750f000 Limit fffff88017509000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002788740 Cid 0360.029c Teb: 000007f6fa67c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001ddac40 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679735 Ticks: 61393 (0:00:15:57.736) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017109dd0 Current fffff88017109760 Base fffff8801710a000 Limit fffff88017104000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c6c080 Cid 0360.0d30 Teb: 000007f6fa67a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036ed940 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679696 Ticks: 61432 (0:00:15:58.345) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017037dd0 Current fffff88017037760 Base fffff88017038000 Limit fffff88017032000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f68080 Cid 0360.08c8 Teb: 000007f6fa678000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800180aa00 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679706 Ticks: 61422 (0:00:15:58.189) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880163e4dd0 Current fffff880163e4760 Base fffff880163e5000 Limit fffff880163df000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f20800 Cid 0360.03cc Teb: 000007f6fa676000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003fb1080 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680337 Ticks: 60791 (0:00:15:48.345) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016262dd0 Current fffff88016262760 Base fffff88016263000 Limit fffff8801625d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038159c0 Cid 0360.0628 Teb: 000007f6fa668000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8004001280 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679738 Ticks: 61390 (0:00:15:57.690) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801544cdd0 Current fffff8801544c760 Base fffff8801544d000 Limit fffff88015447000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003793080 Cid 0360.0ddc Teb: 000007f6fa6ba000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740467 Ticks: 661 (0:00:00:10.311) Context Switch Count 860 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015068dd0 Current fffff88015068760 Base fffff88015069000 Limit fffff88015063000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002156080 Cid 0360.09ac Teb: 000007f6fa7e9000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 70 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170f4dd0 Current fffff880170f4760 Base fffff880170f5000 Limit fffff880170ef000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018c29c0 Cid 0360.06a0 Teb: 000007f6fa7e5000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 209 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017394dd0 Current fffff88017394760 Base fffff88017395000 Limit fffff8801738f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80020cab00 Cid 0360.0614 Teb: 000007f6fa7eb000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733831 Ticks: 7297 (0:00:01:53.833) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174ebdd0 Current fffff880174eb760 Base fffff880174ec000 Limit fffff880174e6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80033d8080 Cid 0360.0940 Teb: 000007f6fa7e7000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 246 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801659ddd0 Current fffff8801659d760 Base fffff8801659e000 Limit fffff88016598000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003879940 SessionId: 0 Cid: 03f0 Peb: 7f6fad89000 ParentCid: 0220 DirBase: 3584e000 ObjectTable: fffff8a002669480 HandleCount: Image: svchost.exe VadRoot fffffa8003873c30 Vads 236 Clone 0 Private 9637. Modified 3929. Locked 5. DeviceMap fffff8a00000c340 Token fffff8a00267f060 ElapsedTime 2 Days 20:10:35.467 UserTime 00:00:02.527 KernelTime 00:00:08.970 QuotaPoolUsage[PagedPool] 198216 QuotaPoolUsage[NonPagedPool] 36304 Working Set Sizes (now,min,max) (13295, 50, 345) (53180KB, 200KB, 1380KB) PeakWorkingSetSize 13943 VirtualSize 4220 Mb PeakVirtualSize 4262 Mb PageFaultCount 64474 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 12699 Setting context for this process... .process /p /r fffffa8003879940 !peb PEB at 000007f6fad89000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000006f45b119c0 . 0000006f45c02680 Ldr.InLoadOrderModuleList: 0000006f45b11b20 . 0000006f45c02660 Ldr.InMemoryOrderModuleList: 0000006f45b11b30 . 0000006f45c02670 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\System32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef2e60000 505a9876 Sep 20 05:15:50 2012 c:\windows\system32\audioendpointbuilder.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 c:\windows\system32\bcrypt.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef25f0000 505a994b Sep 20 05:19:23 2012 c:\windows\system32\MMDevAPI.DLL 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\wtsapi32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\System32\WINSTA.dll 7fef0910000 5063da82 Sep 27 05:48:02 2012 c:\windows\system32\wlansvc.dll 7fef0830000 5063dad6 Sep 27 05:49:26 2012 c:\windows\system32\WLANMSM.DLL 7fef0780000 50108765 Jul 26 00:55:17 2012 c:\windows\system32\OneX.DLL 7fef3da0000 501089ef Jul 26 01:06:07 2012 c:\windows\system32\SYSNTFY.dll 7fef0700000 5063df0c Sep 27 06:07:24 2012 c:\windows\system32\WLANSEC.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 c:\windows\system32\IPHLPAPI.DLL 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 c:\windows\system32\dhcpcsvc.DLL 7fef0690000 501087e5 Jul 26 00:57:25 2012 c:\windows\system32\eappprxy.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 c:\windows\system32\WINNSI.DLL 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\System32\DPAPI.DLL 7fef07c0000 50108af1 Jul 26 01:10:25 2012 C:\WINDOWS\System32\WMICLNT.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\System32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 C:\WINDOWS\System32\AUTHZ.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\sspicli.dll 7fef0420000 5010887a Jul 26 00:59:54 2012 C:\WINDOWS\SYSTEM32\wlgpclnt.dll 7fef0400000 5010a845 Jul 26 03:15:33 2012 C:\WINDOWS\System32\l2gpstore.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef3790000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\System32\DSROLE.dll 7fef46c0000 501088fe Jul 26 01:02:06 2012 C:\WINDOWS\system32\kerberos.DLL 7fef4790000 50108a04 Jul 26 01:06:28 2012 C:\WINDOWS\System32\cryptdll.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\System32\profapi.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7feef6a0000 5010869b Jul 26 00:51:55 2012 c:\windows\system32\das.dll 7feef460000 5010853e Jul 26 00:46:06 2012 c:\windows\system32\pcasvc.dll 7feef420000 50109db5 Jul 26 02:30:29 2012 c:\windows\system32\AEPIC.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 c:\windows\system32\apphelp.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 c:\windows\system32\USERENV.dll 7feeef30000 5010a9de Jul 26 03:22:22 2012 c:\windows\system32\sfc_os.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 c:\windows\system32\VERSION.dll 7feeeee0000 5010859c Jul 26 00:47:40 2012 C:\WINDOWS\system32\dafBth.dll 7feeec50000 5010871d Jul 26 00:54:05 2012 C:\WINDOWS\System32\BluetoothApis.dll 7feeec70000 50108842 Jul 26 00:58:58 2012 c:\windows\system32\trkwks.dll 7feeeca0000 50108220 Jul 26 00:32:48 2012 c:\windows\system32\sysmain.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7feedec0000 5010a974 Jul 26 03:20:36 2012 c:\windows\system32\hidserv.dll 7fef4070000 50108a1d Jul 26 01:06:53 2012 c:\windows\system32\HID.DLL 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef1f00000 5010810c Jul 26 00:28:12 2012 c:\windows\system32\listsvc.dll 7fef0f70000 50108147 Jul 26 00:29:11 2012 C:\WINDOWS\System32\shacct.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\System32\SAMLIB.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\System32\wkscli.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\System32\netutils.dll 7fef1ca0000 505aa4c0 Sep 20 06:08:16 2012 C:\WINDOWS\System32\fhlisten.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\XmlLite.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef1c60000 501098ef Jul 26 02:10:07 2012 C:\WINDOWS\system32\hgprint.dll 7feeb5f0000 501081fa Jul 26 00:32:10 2012 C:\WINDOWS\system32\WINSPOOL.DRV 7feebf30000 50109163 Jul 26 01:37:55 2012 C:\WINDOWS\System32\IdListen.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef3820000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\System32\NETAPI32.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\System32\PROPSYS.dll 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\System32\ncrypt.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\WINDOWS\System32\srvcli.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\System32\NTASN1.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\System32\SAMCLI.DLL 7feeb050000 50108a8f Jul 26 01:08:47 2012 C:\WINDOWS\system32\ncryptprov.dll 7feedc00000 5010883e Jul 26 00:58:54 2012 c:\windows\system32\wdi.dll 7feedc30000 50108908 Jul 26 01:02:16 2012 C:\WINDOWS\system32\pcadm.dll 7feed650000 501081cc Jul 26 00:31:24 2012 C:\WINDOWS\System32\wer.dll 7feedc20000 5010a948 Jul 26 03:19:52 2012 C:\WINDOWS\System32\pcacli.dll 7feefcc0000 50108aeb Jul 26 01:10:19 2012 C:\WINDOWS\System32\MPR.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\Windows\System32\iertutil.dll 7fef2b40000 50108183 Jul 26 00:30:11 2012 C:\WINDOWS\system32\ntshrui.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll 7feefc50000 5010a84b Jul 26 03:15:39 2012 C:\WINDOWS\System32\LINKINFO.dll 7feed800000 5010a7dd Jul 26 03:13:49 2012 C:\WINDOWS\System32\drprov.dll 7feed610000 5010899a Jul 26 01:04:42 2012 C:\WINDOWS\System32\ntlanman.dll 7feed5f0000 50109f75 Jul 26 02:37:57 2012 C:\WINDOWS\System32\davclnt.dll 7feed5e0000 5010a9ce Jul 26 03:22:06 2012 C:\WINDOWS\System32\DAVHLPR.dll 7feec150000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\System32\cscapi.dll SubSystemData: 0000000000000000 ProcessHeap: 0000006f45b10000 ProcessParameters: 0000006f45b11170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\System32\svchost.exe' ImageFile: 'C:\WINDOWS\System32\svchost.exe' CommandLine: 'C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted' DllPath: '< Name not readable >' Environment: 0000006f45b10860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa80038999c0 Cid 03f0.03f4 Teb: 000007f6fad8e000 Win32Thread: fffff90100665710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800389a8e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 234 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88015471dd0 Current fffff88015471900 Base fffff88015472000 Limit fffff8801546c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80038adb00 Cid 03f0.018c Teb: 000007f6fad87000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa800388ab80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 8985 Ticks: 15732143 (2:20:10:23.003) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address audioendpointbuilder!EventWorkerThread (0x000007fef2e7b224) Stack Init fffff8801543edd0 Current fffff8801543e7a0 Base fffff8801543f000 Limit fffff88015439000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038acb00 Cid 03f0.021c Teb: 000007f6fac5e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038be640 QueueObject IRP List: fffffa8001ca9c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736102 Ticks: 5026 (0:00:01:18.406) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880154c5dd0 Current fffff880154c5760 Base fffff880154c6000 Limit fffff880154c0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80038ca080 Cid 03f0.014c Teb: 000007f6fad85000 Win32Thread: fffff901006a5b90 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject IRP List: fffffa8003735810: (0006,03e8) Flags: 00060800 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736541 Ticks: 4587 (0:00:01:11.557) Context Switch Count 797 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880154bedd0 Current fffff880154be760 Base fffff880154bf000 Limit fffff880154b9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003965b00 Cid 03f0.0380 Teb: 000007f6fac5c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003950d30 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9544 Ticks: 15731584 (2:20:10:14.283) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8801553bdd0 Current fffff8801553b900 Base fffff8801553c000 Limit fffff88015536000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800397e080 Cid 03f0.022c Teb: 000007f6fac58000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003951970 SynchronizationEvent fffffa8003921600 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9559 Ticks: 15731569 (2:20:10:14.049) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlgpclnt!MainGPAProc (0x000007fef0425d98) Stack Init fffff88015581dd0 Current fffff88015581180 Base fffff88015582000 Limit fffff8801557c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003984b00 Cid 03f0.0410 Teb: 000007f6fac54000 Win32Thread: fffff901006f4b90 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 1324 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155abdd0 Current fffff880155ab760 Base fffff880155ac000 Limit fffff880155a6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003918800 Cid 03f0.042c Teb: 000007f6fac50000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003943060 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9690 Ticks: 15731438 (2:20:10:12.005) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff880155cedd0 Current fffff880155ce900 Base fffff880155cf000 Limit fffff880155c9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039aa080 Cid 03f0.0590 Teb: 000007f6fac56000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ba55d0 NotificationEvent fffffa800181aa50 NotificationEvent fffffa8003dbcfe0 NotificationEvent fffffa8003bf5190 SynchronizationTimer fffffa80018106e0 SynchronizationEvent fffffa8003f98600 SynchronizationEvent fffffa8001837060 SynchronizationEvent fffffa800184ea70 SynchronizationEvent fffffa8003f747e0 SynchronizationEvent fffffa80040693e0 NotificationEvent Impersonation token: fffff8a0027cf060 (Level Impersonation) Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741043 Ticks: 85 (0:00:00:01.326) Context Switch Count 10373 IdealProcessor: 0 UserTime 00:00:12.604 KernelTime 00:00:05.553 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014fdbdd0 Current fffff88014fdb180 Base fffff88014fdc000 Limit fffff88014fd6000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80039b1080 Cid 03f0.05a4 Teb: 000007f6fac48000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800399a8c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10746 Ticks: 15730382 (2:20:09:55.531) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014fe9dd0 Current fffff88014fe9760 Base fffff88014fea000 Limit fffff88014fe4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039a7a00 Cid 03f0.05a8 Teb: 000007f6fac46000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039a5fe0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10745 Ticks: 15730383 (2:20:09:55.547) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pcasvc!UfhpShortcutListenerThread (0x000007feef47ba00) Stack Init fffff88014fe2dd0 Current fffff88014fe2900 Base fffff88014fe3000 Limit fffff88014fdd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea3b00 Cid 03f0.077c Teb: 000007f6fac4c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ea6b00 Thread Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12544 Ticks: 15728584 (2:20:09:27.482) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015fcddd0 Current fffff88015fcd900 Base fffff88015fce000 Limit fffff88015fc8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea6b00 Cid 03f0.078c Teb: 000007f6fac44000 Win32Thread: fffff901006953a0 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003e1b340 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680787 Ticks: 60341 (0:00:15:41.325) Context Switch Count 111 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidServMain (0x000007feedec1d44) Stack Init fffff88015fb1dd0 Current fffff88015fb15f0 Base fffff88015fb2000 Limit fffff88015fac000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003eac440 Cid 03f0.0794 Teb: 000007f6fac40000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003683360 NotificationEvent fffffa8003e3ac70 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12544 Ticks: 15728584 (2:20:09:27.482) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidThreadInputProc (0x000007feedec22c4) Stack Init fffff88015fe2dd0 Current fffff88015fe2180 Base fffff88015fe3000 Limit fffff88015fdd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f935c0 Cid 03f0.0788 Teb: 000007f6fac4e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800394a700 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 14894 Ticks: 15726234 (2:20:08:50.822) Context Switch Count 67 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015fa3dd0 Current fffff88015fa3900 Base fffff88015fa4000 Limit fffff88015f9e000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80027b9080 Cid 03f0.090c Teb: 000007f6fac32000 Win32Thread: fffff901006a7b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80027835e0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681099 Ticks: 60029 (0:00:15:36.458) Context Switch Count 21 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016357dd0 Current fffff88016357900 Base fffff88016358000 Limit fffff88016352000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ef2b00 Cid 03f0.09b4 Teb: 000007f6fac2e000 Win32Thread: fffff901001ea820 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040e4c70 NotificationEvent fffffa8003f918f0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681386 Ticks: 59742 (0:00:15:31.981) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016270dd0 Current fffff88016270180 Base fffff88016271000 Limit fffff8801626b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038e9b00 Cid 03f0.09b8 Teb: 000007f6fac2c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f91360 NotificationEvent fffffa8003e0fc60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681388 Ticks: 59740 (0:00:15:31.949) Context Switch Count 369 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016277dd0 Current fffff88016277180 Base fffff88016278000 Limit fffff88016272000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e8cb00 Cid 03f0.09bc Teb: 000007f6fac2a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f5fe60 NotificationEvent fffffa8003f47d60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681387 Ticks: 59741 (0:00:15:31.965) Context Switch Count 377 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801605add0 Current fffff8801605a180 Base fffff8801605b000 Limit fffff88016055000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80027c1080 Cid 03f0.09c0 Teb: 000007f6fac28000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f30650 NotificationEvent fffffa8003e0ce90 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681390 Ticks: 59738 (0:00:15:31.918) Context Switch Count 1348 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016269dd0 Current fffff88016269180 Base fffff8801626a000 Limit fffff88016264000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8004080740 Cid 03f0.09c4 Teb: 000007f6fac26000 Win32Thread: fffff9010069bb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e0cf10 NotificationEvent fffffa8003f951b0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681386 Ticks: 59742 (0:00:15:31.981) Context Switch Count 280 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88003194dd0 Current fffff88003194180 Base fffff88003195000 Limit fffff8800318f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e9ab00 Cid 03f0.09c8 Teb: 000007f6fac24000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f95400 NotificationEvent fffffa80040181d0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681882 Ticks: 59246 (0:00:15:24.243) Context Switch Count 837 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880162eedd0 Current fffff880162ee180 Base fffff880162ef000 Limit fffff880162e9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003dc4340 Cid 03f0.09d0 Teb: 000007f6fac22000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f3b300 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 14909 Ticks: 15726219 (2:20:08:50.588) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88002f47dd0 Current fffff88002f47760 Base fffff88002f48000 Limit fffff88002f42000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002da3b00 Cid 03f0.05b8 Teb: 000007f6fac5a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80038ce440 SynchronizationEvent fffffa80024c5ee0 SynchronizationEvent fffffa800268b680 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 22773 Ticks: 15718355 (2:20:06:47.909) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IdListen!CProviderWatcher::ThreadProc (0x000007feebf42b68) Stack Init fffff880154efdd0 Current fffff880154ef180 Base fffff880154f0000 Limit fffff880154ea000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002e5ab00 Cid 03f0.0970 Teb: 000007f6fad8c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800306d620 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 20972 Ticks: 15720156 (2:20:07:16.005) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015f25dd0 Current fffff88015f25900 Base fffff88015f26000 Limit fffff88015f20000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800414f080 Cid 03f0.0878 Teb: 000007f6fac34000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e0a900 SynchronizationEvent fffffa800413f5a0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740542 Ticks: 586 (0:00:00:09.141) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017180dd0 Current fffff88017180180 Base fffff88017181000 Limit fffff8801717b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018d0b00 Cid 03f0.0c98 Teb: 000007f6fac1e000 Win32Thread: fffff901006fbb90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003fc1910 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 31963 Ticks: 15709165 (2:20:04:24.544) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801711edd0 Current fffff8801711e5f0 Base fffff8801711f000 Limit fffff88017119000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001ff0080 Cid 03f0.0f00 Teb: 000007f6fad83000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject IRP List: fffffa8001f542c0: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 1122 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160fbdd0 Current fffff880160fb760 Base fffff880160fc000 Limit fffff880160f6000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800260da00 Cid 03f0.0da0 Teb: 000007f6fac3c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001822160 NotificationEvent fffffa8003648c60 SynchronizationEvent IRP List: fffffa80038d3b40: (0006,04c0) Flags: 00060900 Mdl: fffffa80038204b0 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679030 Ticks: 62098 (0:00:16:08.735) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidThreadProc (0x000007feedec25b4) Stack Init fffff8801630add0 Current fffff8801630a180 Base fffff8801630b000 Limit fffff88016305000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80037dd700 Cid 03f0.0d48 Teb: 000007f6fac3a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800306a2b0 NotificationEvent fffffa8003e59ba0 SynchronizationEvent IRP List: fffffa8001fbe9f0: (0006,03e8) Flags: 00060900 Mdl: fffffa8003022330 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679030 Ticks: 62098 (0:00:16:08.735) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidThreadProc (0x000007feedec25b4) Stack Init fffff880155c7dd0 Current fffff880155c7180 Base fffff880155c8000 Limit fffff880155c2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b02540 Cid 03f0.0ac4 Teb: 000007f6fac38000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8004129190 NotificationEvent fffffa800183e8e0 SynchronizationEvent IRP List: fffffa800413d9e0: (0006,03e8) Flags: 00060900 Mdl: fffffa8003250690 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679030 Ticks: 62098 (0:00:16:08.735) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidThreadProc (0x000007feedec25b4) Stack Init fffff8801635edd0 Current fffff8801635e180 Base fffff8801635f000 Limit fffff88016359000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80036ca9c0 Cid 03f0.0e58 Teb: 000007f6fac4a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002f073f0 NotificationEvent fffffa8003e70460 NotificationEvent fffffa8001cd5720 NotificationEvent fffffa800262ab60 NotificationEvent fffffa80039b6180 NotificationEvent fffffa80027e1410 NotificationEvent fffffa8003b69c80 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pcasvc!PcapArpMonitorThread (0x000007feef479820) Stack Init fffff88014ecadd0 Current fffff88014eca180 Base fffff88014ecb000 Limit fffff88014ec5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003d9b080 Cid 03f0.0580 Teb: 000007f6fac52000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 270 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174cbdd0 Current fffff880174cb760 Base fffff880174cc000 Limit fffff880174c6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa800392c540 SessionId: 0 Cid: 03b8 Peb: 7f6fb68f000 ParentCid: 0220 DirBase: 2fe18000 ObjectTable: fffff8a00277ad80 HandleCount: Image: svchost.exe VadRoot fffffa8003b97790 Vads 231 Clone 0 Private 1237. Modified 376. Locked 0. DeviceMap fffff8a0007b8aa0 Token fffff8a0021e8060 ElapsedTime 2 Days 20:10:29.071 UserTime 00:00:00.265 KernelTime 00:00:00.702 QuotaPoolUsage[PagedPool] 124440 QuotaPoolUsage[NonPagedPool] 35296 Working Set Sizes (now,min,max) (3221, 50, 345) (12884KB, 200KB, 1380KB) PeakWorkingSetSize 3308 VirtualSize 1358 Mb PeakVirtualSize 1614 Mb PageFaultCount 6706 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2353 Setting context for this process... .process /p /r fffffa800392c540 !peb PEB at 000007f6fb68f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000c2343c1a20 . 000000c276c99a20 Ldr.InLoadOrderModuleList: 000000c2343c1b80 . 000000c276c99d60 Ldr.InMemoryOrderModuleList: 000000c2343c1b90 . 000000c276c99d70 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef0b30000 505a9bd3 Sep 20 05:30:11 2012 c:\windows\system32\dnsrslvr.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 c:\windows\system32\DNSAPI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 c:\windows\system32\WINNSI.DLL 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\SYSTEM32\Fwpuclnt.dll 7fef06d0000 501089ef Jul 26 01:06:07 2012 C:\WINDOWS\System32\dnsext.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\USERENV.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\iphlpapi.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL 7feef730000 50108807 Jul 26 00:57:59 2012 c:\windows\system32\wkssvc.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 c:\windows\system32\netutils.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7feef700000 501089c3 Jul 26 01:05:23 2012 c:\windows\system32\cryptsvc.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7feef600000 505a9748 Sep 20 05:10:48 2012 c:\windows\system32\nlasvc.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 c:\windows\system32\wevtapi.dll 7feef590000 505ab116 Sep 20 07:00:54 2012 c:\windows\system32\ncsi.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 c:\windows\system32\WINHTTP.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\system32\wkscli.dll 7fef47e0000 50108985 Jul 26 01:04:21 2012 C:\WINDOWS\SYSTEM32\netjoin.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7feef440000 50108778 Jul 26 00:55:36 2012 C:\Windows\System32\cryptcatsvc.dll 7feefad0000 505a9581 Sep 20 05:03:13 2012 C:\WINDOWS\system32\VSSAPI.DLL 7feefab0000 505a99e6 Sep 20 05:21:58 2012 C:\WINDOWS\system32\VssTrace.DLL 7fef3790000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\DSROLE.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 C:\WINDOWS\system32\ESENT.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7feeef00000 5010a92b Jul 26 03:19:23 2012 C:\WINDOWS\system32\ssdpapi.dll 7fef07c0000 50108af1 Jul 26 01:10:25 2012 C:\WINDOWS\system32\WMICLNT.dll 7fef03b0000 5063dc6b Sep 27 05:56:11 2012 C:\WINDOWS\system32\WlanApi.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\system32\samcli.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\system32\SAMLIB.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef3570000 50108647 Jul 26 00:50:31 2012 C:\WINDOWS\system32\es.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\PROPSYS.dll 7feeab50000 50108a14 Jul 26 01:06:44 2012 C:\WINDOWS\system32\CRYPTNET.dll 7fef7d00000 50108a30 Jul 26 01:07:12 2012 C:\WINDOWS\system32\WLDAP32.dll 7feebfe0000 505a992d Sep 20 05:18:53 2012 C:\WINDOWS\system32\webio.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7feec170000 501089f6 Jul 26 01:06:14 2012 C:\WINDOWS\system32\Cabinet.dll 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\system32\ncrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\system32\NTASN1.dll SubSystemData: 0000000000000000 ProcessHeap: 000000c2343c0000 ProcessParameters: 000000c2343c11f0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k NetworkService' DllPath: '< Name not readable >' Environment: 000000c2343c0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\NetworkService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\Windows\ServiceProfiles\NetworkService windir=C:\WINDOWS THREAD fffffa800391a700 Cid 03b8.027c Teb: 000007f6fb68d000 Win32Thread: fffff90100671710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003931f50 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 185 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88015527dd0 Current fffff88015527900 Base fffff88015528000 Limit fffff88015522000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800395b080 Cid 03b8.0264 Teb: 000007f6fb685000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039278c0 NotificationEvent fffffa800372eb58 NotificationEvent fffffa800391e4e0 SynchronizationEvent fffffa80038b04b0 SynchronizationEvent IRP List: fffffa8003938840: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740650 Ticks: 478 (0:00:00:07.456) Context Switch Count 18 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dnsrslvr!NotifyThread (0x000007fef0b338fc) Stack Init fffff880154dadd0 Current fffff880154da180 Base fffff880154db000 Limit fffff880154d5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800396a080 Cid 03b8.02ac Teb: 000007f6fb683000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003963650 NotificationEvent fffffa80039278c0 NotificationEvent IRP List: fffffa800360cc10: (0006,01f0) Flags: 00060030 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681374 Ticks: 59754 (0:00:15:32.168) Context Switch Count 196 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dnsrslvr!Ip_NotifyThread (0x000007fef0b34d90) Stack Init fffff880154fddd0 Current fffff880154fd180 Base fffff880154fe000 Limit fffff880154f8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003963080 Cid 03b8.0274 Teb: 000007f6fb55e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393a0c0 NotificationEvent fffffa8003858f60 NotificationEvent fffffa8003858fe0 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679521 Ticks: 61607 (0:00:16:01.075) Context Switch Count 1728 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.062 Win32 Start Address dnsrslvr!Mcast_Thread (0x000007fef0b35720) Stack Init fffff88015565dd0 Current fffff88015565180 Base fffff88015566000 Limit fffff88015560000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800396ab00 Cid 03b8.03e8 Teb: 000007f6fb55c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003963e10 SynchronizationEvent fffffa800396a630 SynchronizationEvent fffffa80039636d0 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679799 Ticks: 61329 (0:00:15:56.738) Context Switch Count 1551 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address dnsrslvr!ProcessIpChangeNotificationRequestThread (0x000007fef0b3517c) Stack Init fffff8801556cdd0 Current fffff8801556c180 Base fffff8801556d000 Limit fffff88015567000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80030ae4c0 Cid 03b8.0534 Teb: 000007f6fb552000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa800308c800 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10599 Ticks: 15730529 (2:20:09:57.825) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wkssvc!StartIOProcessing (0x000007feef737a10) Stack Init fffff88014f48dd0 Current fffff88014f487a0 Base fffff88014f49000 Limit fffff88014f43000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b1eb00 Cid 03b8.0540 Teb: 000007f6fb550000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800308c200 QueueObject IRP List: fffffa8001fd9010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001d28010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003046010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003ddec10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736475 Ticks: 4653 (0:00:01:12.587) Context Switch Count 89 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f56dd0 Current fffff88014f56760 Base fffff88014f57000 Limit fffff88014f51000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003b64080 Cid 03b8.05ac Teb: 000007f6fb554000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039a43e0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11019 Ticks: 15730109 (2:20:09:51.273) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88014ff0dd0 Current fffff88014ff0900 Base fffff88014ff1000 Limit fffff88014feb000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b92980 Cid 03b8.05b0 Teb: 000007f6fb548000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003b78c40 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10790 Ticks: 15730338 (2:20:09:54.845) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88014ff7dd0 Current fffff88014ff77a0 Base fffff88014ff8000 Limit fffff88014ff2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bbeb00 Cid 03b8.05fc Teb: 000007f6fb546000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bbbc70 SynchronizationEvent fffffa8003ba72a0 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736071 Ticks: 5057 (0:00:01:18.889) Context Switch Count 11454 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.187 Win32 Start Address nlasvc!QueueMonitor (0x000007feef60adf0) Stack Init fffff88014fbfdd0 Current fffff88014fbf180 Base fffff88014fc0000 Limit fffff88014fba000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003be8080 Cid 03b8.060c Teb: 000007f6fb540000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741031 Ticks: 97 (0:00:00:01.513) Context Switch Count 11308 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.187 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e06dd0 Current fffff88015e06760 Base fffff88015e07000 Limit fffff88015e01000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003d9ba80 Cid 03b8.064c Teb: 000007f6fb53a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003d8dfe0 SynchronizationEvent fffffa8003675c80 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11379 Ticks: 15729749 (2:20:09:45.657) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e45dd0 Current fffff88015e45180 Base fffff88015e46000 Limit fffff88015e40000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e13700 Cid 03b8.06bc Teb: 000007f6fb538000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8003e13aa8 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a00218c030 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13514 Ticks: 15727614 (2:20:09:12.350) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ssdpapi!GetNotificationLoop (0x000007feeef05c38) Stack Init fffff8801619cdd0 Current fffff8801619c660 Base fffff8801619d000 Limit fffff88016197000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e94b00 Cid 03b8.0ee0 Teb: 000007f6fb558000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject IRP List: fffffa800404faa0: (0006,0118) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738611 Ticks: 2517 (0:00:00:39.265) Context Switch Count 4783 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.078 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ec3dd0 Current fffff88015ec3760 Base fffff88015ec4000 Limit fffff88015ebe000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003dcf940 Cid 03b8.0ec0 Teb: 000007f6fb556000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject IRP List: fffffa8003f9f730: (0006,0118) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736646 Ticks: 4482 (0:00:01:09.919) Context Switch Count 1442 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ee6dd0 Current fffff88015ee6760 Base fffff88015ee7000 Limit fffff88015ee1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001d7e080 Cid 03b8.0e10 Teb: 000007f6fb544000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject IRP List: fffffa8002142120: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736067 Ticks: 5061 (0:00:01:18.952) Context Switch Count 4965 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.078 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016205dd0 Current fffff88016205760 Base fffff88016206000 Limit fffff88016200000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80037f5780 Cid 03b8.0cd4 Teb: 000007f6fb542000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f7b060 NotificationEvent fffffa80027a8780 NotificationEvent fffffa8003f762e0 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679467 Ticks: 61661 (0:00:16:01.917) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dnsrslvr!Responder_Thread (0x000007fef0b35850) Stack Init fffff880164afdd0 Current fffff880164af180 Base fffff880164b0000 Limit fffff880164aa000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cc5080 Cid 03b8.0eb4 Teb: 000007f6fb689000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738862 Ticks: 2266 (0:00:00:35.349) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015180dd0 Current fffff88015180760 Base fffff88015181000 Limit fffff8801517b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003b50480 SessionId: 0 Cid: 04c8 Peb: 7f7cf335000 ParentCid: 0220 DirBase: 3b055000 ObjectTable: fffff8a001f01980 HandleCount: Image: spoolsv.exe VadRoot fffffa8003b55d20 Vads 141 Clone 0 Private 657. Modified 10968. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a002237060 ElapsedTime 2 Days 20:10:12.612 UserTime 00:00:05.288 KernelTime 00:00:00.670 QuotaPoolUsage[PagedPool] 158112 QuotaPoolUsage[NonPagedPool] 19120 Working Set Sizes (now,min,max) (2749, 50, 345) (10996KB, 200KB, 1380KB) PeakWorkingSetSize 3288 VirtualSize 74 Mb PeakVirtualSize 87 Mb PageFaultCount 9171 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1046 Setting context for this process... .process /p /r fffffa8003b50480 !peb PEB at 000007f7cf335000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f7cfb80000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000000000761980 . 00000000007c8120 Ldr.InLoadOrderModuleList: 0000000000761ae0 . 00000000007c8100 Ldr.InMemoryOrderModuleList: 0000000000761af0 . 00000000007c8110 Base TimeStamp Module 7f7cfb80000 501080ef Jul 26 00:27:43 2012 C:\WINDOWS\System32\spoolsv.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\System32\DNSAPI.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\sspicli.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\System32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\System32\WINNSI.DLL 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7feeabc0000 50108063 Jul 26 00:25:23 2012 C:\WINDOWS\System32\localspl.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\WINDOWS\System32\srvcli.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\System32\CRYPTSP.dll 7feeaba0000 5010a9bf Jul 26 03:21:51 2012 C:\WINDOWS\System32\SPOOLSS.DLL 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7feeb5f0000 501081fa Jul 26 00:32:10 2012 C:\WINDOWS\system32\winspool.drv 7feeab80000 50108216 Jul 26 00:32:38 2012 C:\WINDOWS\System32\PrintIsolationProxy.dll 7feed230000 5010a402 Jul 26 02:57:22 2012 C:\WINDOWS\System32\FXSMON.DLL 7feeab10000 50108202 Jul 26 00:32:18 2012 C:\WINDOWS\System32\tcpmon.dll 7feec230000 50108a1b Jul 26 01:06:51 2012 C:\WINDOWS\System32\snmpapi.dll 7feeaaf0000 5010a97d Jul 26 03:20:45 2012 C:\WINDOWS\System32\wsnmp32.dll 7feeaab0000 5010a375 Jul 26 02:55:01 2012 C:\WINDOWS\System32\usbmon.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7feeaa60000 50108353 Jul 26 00:37:55 2012 C:\WINDOWS\System32\WSDMon.dll 7feed4f0000 50108576 Jul 26 00:47:02 2012 C:\WINDOWS\System32\wsdapi.dll 7feed3a0000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\System32\webservices.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\System32\FirewallAPI.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7feec260000 5010879e Jul 26 00:56:14 2012 C:\Windows\System32\FunDisc.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\XmlLite.dll 7feeaa40000 501086cb Jul 26 00:52:43 2012 C:\Windows\System32\fdPnp.dll 7fef3800000 5010a3e0 Jul 26 02:56:48 2012 C:\Windows\System32\ATL.DLL 7feea990000 505ab098 Sep 20 06:58:48 2012 C:\WINDOWS\System32\drvstore.dll 7feebf70000 50108915 Jul 26 01:02:29 2012 C:\WINDOWS\system32\spool\PRTPROCS\x64\winprint.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\USERENV.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\System32\profapi.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\WINDOWS\System32\VERSION.dll 7fef3790000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\System32\DSROLE.dll 7feea8d0000 5010804f Jul 26 00:25:03 2012 C:\WINDOWS\System32\win32spl.dll 7feea870000 50109f66 Jul 26 02:37:42 2012 C:\WINDOWS\System32\inetpp.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\System32\WINSTA.dll 7feebf20000 5010ac3d Jul 26 03:32:29 2012 C:\WINDOWS\System32\sfc.dll 7feeef30000 5010a9de Jul 26 03:22:22 2012 C:\WINDOWS\System32\sfc_os.DLL 7fef40c0000 501089e6 Jul 26 01:05:58 2012 C:\WINDOWS\System32\DEVRTL.dll 7fef48a0000 5010a9b5 Jul 26 03:21:41 2012 C:\WINDOWS\System32\SPINF.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7feedc40000 5010a97d Jul 26 03:20:45 2012 C:\WINDOWS\System32\SPFILEQ.dll 7feece60000 505aa512 Sep 20 06:09:38 2012 C:\WINDOWS\System32\DriverStore\FileRepository\prnms003.inf_amd64_f4cd66319c03270a\Amd64\PrintConfig.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7feecb00000 5010a1fe Jul 26 02:48:46 2012 C:\WINDOWS\SYSTEM32\prntvpt.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\System32\SHCORE.dll 7feec170000 501089f6 Jul 26 01:06:14 2012 C:\WINDOWS\System32\Cabinet.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7feecbc0000 505aa512 Sep 20 06:09:38 2012 C:\WINDOWS\system32\spool\DRIVERS\x64\3\PrintConfig.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7feec150000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\System32\cscapi.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\System32\netutils.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\System32\WTSAPI32.dll SubSystemData: 0000000000000000 ProcessHeap: 0000000000760000 ProcessParameters: 0000000000761170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\System32\spoolsv.exe' ImageFile: 'C:\WINDOWS\System32\spoolsv.exe' CommandLine: 'C:\WINDOWS\System32\spoolsv.exe' DllPath: '< Name not readable >' Environment: 0000000000760860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8003031800 Cid 04c8.04cc Teb: 000007f7cf33e000 Win32Thread: fffff90100679b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003037340 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address spoolsv!mainCRTStartup (0x000007f7cfbce6e0) Stack Init fffff88014ea7dd0 Current fffff88014ea7900 Base fffff88014ea8000 Limit fffff88014ea2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003056b00 Cid 04c8.04d8 Teb: 000007f7cf338000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b55c60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 10343 Ticks: 15730785 (2:20:10:01.818) Context Switch Count 51 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014ebcdd0 Current fffff88014ebc900 Base fffff88014ebd000 Limit fffff88014eb7000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800305d5c0 Cid 04c8.04e0 Teb: 000007f7cf333000 Win32Thread: fffff901006d9710 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039f84c0 SynchronizationEvent fffffa800399ab00 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18582 Ticks: 15722546 (2:20:07:53.289) Context Switch Count 172 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.078 Win32 Start Address spoolsv!PreInitializeRouter (0x000007f7cfbc4e00) Stack Init fffff88014ec3dd0 Current fffff88014ec3180 Base fffff88014ec4000 Limit fffff88014ebe000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800269c700 Cid 04c8.0b34 Teb: 000007f7cf20e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001892de0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18364 Ticks: 15722764 (2:20:07:56.690) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address FunDisc!CNotificationQueue::ThreadProc (0x000007feec2654c0) Stack Init fffff88015512dd0 Current fffff88015512900 Base fffff88015513000 Limit fffff8801550d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002692080 Cid 04c8.0b4c Teb: 000007f7cf20c000 Win32Thread: fffff901006d9290 WAIT: (UserRequest) UserMode Non-Alertable fffffa800399ab80 SynchronizationEvent fffffa80039a16a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 15693645 Ticks: 47483 (0:00:12:20.739) Context Switch Count 188 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address fdPnp!CPnpProvider::ListenerThread (0x000007feeaa430ec) Stack Init fffff8801516bdd0 Current fffff8801516b180 Base fffff8801516c000 Limit fffff88015166000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002772080 Cid 04c8.0b54 Teb: 000007f7cf208000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800371d320 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18614 Ticks: 15722514 (2:20:07:52.790) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address PrintIsolationProxy!sandbox::ModuleManager::DelayUnloadWorkerThread (0x000007feeab85798) Stack Init fffff88003da1dd0 Current fffff88003da1900 Base fffff88003da2000 Limit fffff88003d9c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002767400 Cid 04c8.0b58 Teb: 000007f7cf206000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002f29850 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 19667 Ticks: 15721461 (2:20:07:36.363) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address localspl!SchedulerThread (0x000007feeabce168) Stack Init fffff880160f4dd0 Current fffff880160f4900 Base fffff880160f5000 Limit fffff880160ef000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800276f080 Cid 04c8.0b7c Teb: 000007f7cf1fe000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038e98c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18481 Ticks: 15722647 (2:20:07:54.865) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015534dd0 Current fffff88015534760 Base fffff88015535000 Limit fffff8801552f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002683080 Cid 04c8.05d8 Teb: 000007f7cf204000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038c6a40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 21055 Ticks: 15720073 (2:20:07:14.710) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155b9dd0 Current fffff880155b9760 Base fffff880155ba000 Limit fffff880155b4000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002d65b00 Cid 04c8.0b10 Teb: 000007f7cf33c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003046d80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 15728134 Ticks: 12994 (0:00:03:22.707) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173e2dd0 Current fffff880173e2760 Base fffff880173e3000 Limit fffff880173dd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa800305c740 SessionId: 0 Cid: 04e4 Peb: 7f6fb17c000 ParentCid: 0220 DirBase: 3b3c6000 ObjectTable: fffff8a007e52800 HandleCount: Image: svchost.exe VadRoot fffffa8003b6bb00 Vads 169 Clone 0 Private 2473. Modified 1706. Locked 0. DeviceMap fffff8a002487200 Token fffff8a007e5f060 ElapsedTime 2 Days 20:10:12.144 UserTime 00:00:01.310 KernelTime 00:00:00.374 QuotaPoolUsage[PagedPool] 128712 QuotaPoolUsage[NonPagedPool] 38640 Working Set Sizes (now,min,max) (4814, 50, 345) (19256KB, 200KB, 1380KB) PeakWorkingSetSize 17972 VirtualSize 95 Mb PeakVirtualSize 1155 Mb PageFaultCount 53486 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 4281 Setting context for this process... .process /p /r fffffa800305c740 !peb PEB at 000007f6fb17c000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000006f51081a40 . 0000006f529aa120 Ldr.InLoadOrderModuleList: 0000006f51081ba0 . 0000006f529aa100 Ldr.InMemoryOrderModuleList: 0000006f51081bb0 . 0000006f529aa110 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7feef860000 501088a9 Jul 26 01:00:41 2012 c:\windows\system32\bfe.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 c:\windows\system32\AUTHZ.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 c:\windows\system32\DNSAPI.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 C:\WINDOWS\SYSTEM32\wevtapi.dll 7fef4080000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\system32\pcwum.dll 7feef770000 501083d2 Jul 26 00:40:02 2012 c:\windows\system32\mpssvc.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 c:\windows\system32\FirewallAPI.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 c:\windows\system32\fwpuclnt.dll 7feef720000 501089e9 Jul 26 01:06:01 2012 C:\WINDOWS\system32\adhapi.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7feef660000 50108836 Jul 26 00:58:46 2012 c:\windows\system32\dps.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef3320000 50108655 Jul 26 00:50:45 2012 C:\Windows\System32\taskschd.dll 7feeef20000 50108938 Jul 26 01:03:04 2012 C:\WINDOWS\system32\wfapigp.dll 7feeeb70000 50107f98 Jul 26 00:22:00 2012 C:\WINDOWS\SYSTEM32\mrmcorer.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\system32\Bcp47Langs.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\system32\ntmarta.dll 7feedc00000 5010883e Jul 26 00:58:54 2012 C:\WINDOWS\system32\wdi.dll 7feed8c0000 50109756 Jul 26 02:03:18 2012 C:\WINDOWS\system32\diagperf.dll 7feed8b0000 5010a852 Jul 26 03:15:46 2012 C:\WINDOWS\system32\pnpts.dll 7feed6c0000 501087d4 Jul 26 00:57:08 2012 C:\WINDOWS\System32\srumsvc.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 C:\WINDOWS\system32\ESENT.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7feebc40000 5010a625 Jul 26 03:06:29 2012 C:\WINDOWS\system32\wdiasqmmodule.dll 7feebc20000 5010883c Jul 26 00:58:52 2012 C:\WINDOWS\System32\nduprov.dll 7feebc10000 50108838 Jul 26 00:58:48 2012 C:\WINDOWS\System32\wpnsruprov.dll 7feebc00000 501089b3 Jul 26 01:05:07 2012 C:\WINDOWS\System32\appsruprov.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7feebbf0000 50108984 Jul 26 01:04:20 2012 C:\WINDOWS\System32\energyprov.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7feebbe0000 501089d1 Jul 26 01:05:37 2012 C:\WINDOWS\system32\SrumAPI.dll 7feed640000 5010a15c Jul 26 02:46:04 2012 C:\WINDOWS\system32\dtsh.dll 7fef0010000 5010a84c Jul 26 03:15:40 2012 C:\WINDOWS\system32\radardt.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\WINDOWS\system32\VERSION.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef3780000 501089a5 Jul 26 01:04:53 2012 C:\WINDOWS\system32\pots.dll 7fef3690000 50108798 Jul 26 00:56:08 2012 C:\WINDOWS\system32\tdh.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll SubSystemData: 0000000000000000 ProcessHeap: 0000006f51080000 ProcessParameters: 0000006f51081200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork' DllPath: '< Name not readable >' Environment: 0000006f51080860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa8003007700 Cid 04e4.04e8 Teb: 000007f6fb17e000 Win32Thread: fffff9010067fb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b26060 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679320 Ticks: 61808 (0:00:16:04.210) Context Switch Count 47 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88014ed8dd0 Current fffff88014ed8900 Base fffff88014ed9000 Limit fffff88014ed3000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800379fb00 Cid 04e4.04fc Teb: 000007f6fb174000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037eb480 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10504 Ticks: 15730624 (2:20:09:59.307) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88014eeddd0 Current fffff88014eed900 Base fffff88014eee000 Limit fffff88014ee8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003086b00 Cid 04e4.0500 Teb: 000007f6fb04e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80019f1d00 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10510 Ticks: 15730618 (2:20:09:59.213) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88014ef4dd0 Current fffff88014ef4900 Base fffff88014ef5000 Limit fffff88014eef000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80030a5080 Cid 04e4.050c Teb: 000007f6fb04c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800309e180 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 269 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88014f02dd0 Current fffff88014f02900 Base fffff88014f03000 Limit fffff88014efd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003009b00 Cid 04e4.0518 Teb: 000007f6fb048000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80030a27d0 SynchronizationEvent fffffa8001cd23f0 NotificationEvent fffffa8003b558f0 NotificationEvent fffffa8001cd22f0 NotificationEvent fffffa80030b4fe0 NotificationEvent IRP List: fffffa800266bdf0: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8002ea3820: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f9c580: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003e71ae0: (0006,0118) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727956 Ticks: 13172 (0:00:03:25.484) Context Switch Count 238 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address mpssvc!FwCachedStoreEnumBlobs (0x000007feef77c5b0) Stack Init fffff88014f10dd0 Current fffff88014f10180 Base fffff88014f11000 Limit fffff88014f0b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80030a4080 Cid 04e4.0524 Teb: 000007f6fb044000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b566f0 SynchronizationEvent fffffa8003082470 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736866 Ticks: 4262 (0:00:01:06.487) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address bfe!BfeNetEventRealTimeWorker (0x000007feef8a2b3c) Stack Init fffff88014f25dd0 Current fffff88014f25180 Base fffff88014f26000 Limit fffff88014f20000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80030bf7c0 Cid 04e4.0528 Teb: 000007f6fb042000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800309c880 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679399 Ticks: 61729 (0:00:16:02.978) Context Switch Count 89 IdealProcessor: 0 UserTime 00:00:00.187 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f3add0 Current fffff88014f3a760 Base fffff88014f3b000 Limit fffff88014f35000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b1e080 Cid 04e4.054c Teb: 000007f6fb03e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b63900 SynchronizationEvent fffffa8003b621a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739548 Ticks: 1580 (0:00:00:24.648) Context Switch Count 513 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014f64dd0 Current fffff88014f64180 Base fffff88014f65000 Limit fffff88014f5f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003b27080 Cid 04e4.0550 Teb: 000007f6fb03c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80030ae430 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679709 Ticks: 61419 (0:00:15:58.142) Context Switch Count 2557 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address mpssvc!NVNWorkerThread (0x000007feef7888e0) Stack Init fffff88014f6bdd0 Current fffff88014f6b900 Base fffff88014f6c000 Limit fffff88014f66000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b25080 Cid 04e4.0554 Teb: 000007f6fb03a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003b27890 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13505 Ticks: 15727623 (2:20:09:12.491) Context Switch Count 62 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mpssvc!FwDynDataNotifySinkProc (0x000007feef7a5230) Stack Init fffff88014f72dd0 Current fffff88014f72900 Base fffff88014f73000 Limit fffff88014f6d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b25b00 Cid 04e4.0558 Teb: 000007f6fb038000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b27700 SynchronizationEvent fffffa8003b27780 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680160 Ticks: 60968 (0:00:15:51.106) Context Switch Count 18 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mpssvc!FwMonitorQuarantineState (0x000007feef788570) Stack Init fffff88014f79dd0 Current fffff88014f79180 Base fffff88014f7a000 Limit fffff88014f74000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b23b00 Cid 04e4.0570 Teb: 000007f6fb034000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b677d0 NotificationEvent fffffa8003b70a50 SynchronizationEvent fffffa8003b709d0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15719355 Ticks: 21773 (0:00:05:39.660) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address dps!DpspBackgroundControl (0x000007feef6631a0) Stack Init fffff88014fa3dd0 Current fffff88014fa3180 Base fffff88014fa4000 Limit fffff88014f9e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80030b1700 Cid 04e4.0768 Teb: 000007f6fb036000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ea15a0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12536 Ticks: 15728592 (2:20:09:27.607) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dps!_imp_load_WdipLaunchLocalHost (0x000007feef669c68) Stack Init fffff88015faadd0 Current fffff88015faa900 Base fffff88015fab000 Limit fffff88015fa5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f38080 Cid 04e4.06a4 Teb: 000007f6fb026000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f196b0 NotificationEvent fffffa8003f2ae60 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15691573 Ticks: 49555 (0:00:12:53.062) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wdiasqmmodule!WDIASqmNamespace::CASqmManager::static_UpdateThreadProc (0x000007feebc424e8) Stack Init fffff88016092dd0 Current fffff88016092180 Base fffff88016093000 Limit fffff8801608d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e2db00 Cid 04e4.0754 Teb: 000007f6fb024000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e202d0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13514 Ticks: 15727614 (2:20:09:12.350) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wpnsruprov!WpnSruServerHost (0x000007feebc11544) Stack Init fffff880161bfdd0 Current fffff880161bf900 Base fffff880161c0000 Limit fffff880161ba000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f3c080 Cid 04e4.0770 Teb: 000007f6fb022000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003da61a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679073 Ticks: 62055 (0:00:16:08.064) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address energyprov!SrumtelRunEventQueueWorker (0x000007feebbf55dc) Stack Init fffff880161c6dd0 Current fffff880161c6900 Base fffff880161c7000 Limit fffff880161c1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c0b080 Cid 04e4.0198 Teb: 000007f6fb04a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003956ca0 NotificationEvent fffffa80017fbad0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 27182 Ticks: 15713946 (2:20:05:39.128) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address radardt!RdrpMonitorResources (0x000007fef0014910) Stack Init fffff880164fcdd0 Current fffff880164fc180 Base fffff880164fd000 Limit fffff880164f7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cd7080 Cid 04e4.0dfc Teb: 000007f6fb17a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c82890 NotificationEvent fffffa8004069060 NotificationTimer fffffa80041feac0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738529 Ticks: 2599 (0:00:00:40.544) Context Switch Count 352 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address radardt!RdrpMonitorCommitCharge (0x000007fef0011044) Stack Init fffff8801736add0 Current fffff8801736a180 Base fffff8801736b000 Limit fffff88017365000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800211a5c0 Cid 04e4.0d24 Teb: 000007f6fb176000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741106 Ticks: 22 (0:00:00:00.343) Context Switch Count 1087 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015061dd0 Current fffff88015061760 Base fffff88015062000 Limit fffff8801505c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003e91080 Cid 04e4.0f5c Teb: 000007f6fb178000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740464 Ticks: 664 (0:00:00:10.358) Context Switch Count 942 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014ee6dd0 Current fffff88014ee6760 Base fffff88014ee7000 Limit fffff88014ee1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018d4780 Cid 04e4.0a58 Teb: 000007f6fb040000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741106 Ticks: 22 (0:00:00:00.343) Context Switch Count 300 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017117dd0 Current fffff88017117760 Base fffff88017118000 Limit fffff88017112000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800307db00 Cid 04e4.012c Teb: 000007f6fb046000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017125dd0 Current fffff88017125760 Base fffff88017126000 Limit fffff88017120000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa80039a9940 SessionId: 0 Cid: 0598 Peb: 7f680503000 ParentCid: 0220 DirBase: 3e8d9000 ObjectTable: fffff8a002749980 HandleCount: Image: MsMpEng.exe VadRoot fffffa8001d5c8f0 Vads 562 Clone 0 Private 15827. Modified 187229. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a00661f060 ElapsedTime 2 Days 20:10:06.404 UserTime 00:00:28.984 KernelTime 00:00:04.009 QuotaPoolUsage[PagedPool] 229304 QuotaPoolUsage[NonPagedPool] 78016 Working Set Sizes (now,min,max) (11514, 50, 345) (46056KB, 200KB, 1380KB) PeakWorkingSetSize 89567 VirtualSize 199 Mb PeakVirtualSize 509 Mb PageFaultCount 850028 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 17114 Setting context for this process... .process /p /r fffffa80039a9940 !peb PEB at 000007f680503000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f680bf0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000071da4719d0 . 00000071da491e00 Ldr.InLoadOrderModuleList: 00000071da471b30 . 00000071da491de0 Ldr.InMemoryOrderModuleList: 00000071da471b40 . 00000071da491df0 Base TimeStamp Module 7f680bf0000 5010a938 Jul 26 03:19:36 2012 C:\Program Files\Windows Defender\MsMpEng.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7feef2b0000 50109d8b Jul 26 02:29:47 2012 C:\Program Files\Windows Defender\mpsvc.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\WTSAPI32.dll 7feeedf0000 50109ed2 Jul 26 02:35:14 2012 C:\Program Files\Windows Defender\mpclient.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\WINDOWS\SYSTEM32\VERSION.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\USERENV.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\SYSTEM32\profapi.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7feeea50000 5010a095 Jul 26 02:42:45 2012 C:\Program Files\Windows Defender\mprtp.dll 7feee8d0000 501089f9 Jul 26 01:06:17 2012 C:\WINDOWS\SYSTEM32\FLTLIB.DLL 7fef7b20000 50108aed Jul 26 01:10:21 2012 C:\WINDOWS\system32\psapi.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\SYSTEM32\sspicli.dll 7feedf40000 50107eeb Jul 26 00:19:07 2012 C:\WINDOWS\system32\wscapi.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\SYSTEM32\Secur32.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\SYSTEM32\bcrypt.dll 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\SYSTEM32\ncrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\SYSTEM32\NTASN1.dll 7fef7ce0000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\imagehlp.dll 7fee24b0000 5077c388 Oct 12 08:15:20 2012 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C8F89690-6BB7-40A3-9B36-022257D7D294}\mpengine.dll SubSystemData: 0000000000000000 ProcessHeap: 00000071da470000 ProcessParameters: 00000071da471170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\Program Files\Windows Defender\MsMpEng.exe' ImageFile: 'C:\Program Files\Windows Defender\MsMpEng.exe' CommandLine: '"C:\Program Files\Windows Defender\MsMpEng.exe"' DllPath: '< Name not readable >' Environment: 00000071da48bff0 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8003b8bb00 Cid 0598.059c Teb: 000007f68050e000 Win32Thread: fffff90100685290 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ba4060 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 70 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address MsMpEng!AbsMain (0x000007f680bf10d8) Stack Init fffff880155c0dd0 Current fffff880155c0900 Base fffff880155c1000 Limit fffff880155bb000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800302eb00 Cid 0598.05c0 Teb: 000007f68050c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject IRP List: fffffa8003bcc6c0: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15736406 Ticks: 4722 (0:00:01:13.663) Context Switch Count 1304 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e76dd0 Current fffff88014e76760 Base fffff88014e77000 Limit fffff88014e71000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003be8b00 Cid 0598.0618 Teb: 000007f680506000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003ba9380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15722723 Ticks: 18405 (0:00:04:47.119) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e14dd0 Current fffff88015e14760 Base fffff88015e15000 Limit fffff88015e0f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bce080 Cid 0598.0674 Teb: 000007f6803da000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 62603 Ticks: 15678525 (2:19:56:26.557) Context Switch Count 470 IdealProcessor: 0 UserTime 00:00:00.717 KernelTime 00:00:00.046 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e61dd0 Current fffff88015e617a0 Base fffff88015e62000 Limit fffff88015e5c000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bce9c0 Cid 0598.0678 Teb: 000007f6803d8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15690575 Ticks: 50553 (0:00:13:08.631) Context Switch Count 2401 IdealProcessor: 0 UserTime 00:00:05.475 KernelTime 00:00:00.374 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88014f80dd0 Current fffff88014f807a0 Base fffff88014f81000 Limit fffff88014f7b000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003de5b00 Cid 0598.067c Teb: 000007f6803d6000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15735445 Ticks: 5683 (0:00:01:28.655) Context Switch Count 6123 IdealProcessor: 0 UserTime 00:00:16.068 KernelTime 00:00:01.201 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88014fb8dd0 Current fffff88014fb87a0 Base fffff88014fb9000 Limit fffff88014fb3000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b88080 Cid 0598.0680 Teb: 000007f6803d4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740132 Ticks: 996 (0:00:00:15.537) Context Switch Count 4005 IdealProcessor: 0 UserTime 00:00:09.172 KernelTime 00:00:00.904 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e6fdd0 Current fffff88015e6f7a0 Base fffff88015e70000 Limit fffff88015e6a000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003dff080 Cid 0598.0684 Teb: 000007f6803d2000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 62603 Ticks: 15678525 (2:19:56:26.557) Context Switch Count 3912 IdealProcessor: 0 UserTime 00:00:08.049 KernelTime 00:00:00.405 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e76dd0 Current fffff88015e767a0 Base fffff88015e77000 Limit fffff88015e71000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bcdb00 Cid 0598.0688 Teb: 000007f6803d0000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15690558 Ticks: 50570 (0:00:13:08.897) Context Switch Count 5483 IdealProcessor: 0 UserTime 00:00:09.812 KernelTime 00:00:00.639 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e7ddd0 Current fffff88015e7d7a0 Base fffff88015e7e000 Limit fffff88015e78000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003dec080 Cid 0598.068c Teb: 000007f6803ce000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 62603 Ticks: 15678525 (2:19:56:26.557) Context Switch Count 354 IdealProcessor: 0 UserTime 00:00:00.514 KernelTime 00:00:00.031 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e84dd0 Current fffff88015e847a0 Base fffff88015e85000 Limit fffff88015e7f000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003decb00 Cid 0598.0690 Teb: 000007f6803cc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039a07c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15736594 Ticks: 4534 (0:00:01:10.730) Context Switch Count 1014 IdealProcessor: 0 UserTime 00:00:01.825 KernelTime 00:00:00.187 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e8bdd0 Current fffff88015e8b7a0 Base fffff88015e8c000 Limit fffff88015e86000 Call 0 Priority 4 BasePriority 4 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 1 THREAD fffffa8003e0db00 Cid 0598.06cc Teb: 000007f6803ca000 Win32Thread: fffff90100695b90 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject IRP List: fffffa8001d57850: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15736443 Ticks: 4685 (0:00:01:13.086) Context Switch Count 5746 IdealProcessor: 0 UserTime 00:00:11.980 KernelTime 00:00:01.435 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e30dd0 Current fffff88015e30760 Base fffff88015e31000 Limit fffff88015e2b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e43080 Cid 0598.04ec Teb: 000007f68050a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d8d580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 3521 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e92dd0 Current fffff88015e92760 Base fffff88015e93000 Limit fffff88015e8d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002612980 Cid 0598.08e4 Teb: 000007f680504000 Win32Thread: fffff901006f3010 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 1419 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161b8dd0 Current fffff880161b8760 Base fffff880161b9000 Limit fffff880161b3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80041af080 Cid 0598.03a4 Teb: 000007f6803a8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740224 Ticks: 904 (0:00:00:14.102) Context Switch Count 77 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017468dd0 Current fffff88017468760 Base fffff88017469000 Limit fffff88017463000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002cf5b00 Cid 0598.0f54 Teb: 000007f6803a4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f337b0 NotificationEvent fffffa8003dde9b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15737894 Ticks: 3234 (0:00:00:50.450) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015109dd0 Current fffff88015109180 Base fffff8801510a000 Limit fffff88015104000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001d1d700 Cid 0598.0e38 Teb: 000007f6803c8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d8d580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 108 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016581dd0 Current fffff88016581760 Base fffff88016582000 Limit fffff8801657c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003d8f080 SessionId: 0 Cid: 063c Peb: 7f6e696f000 ParentCid: 03f0 DirBase: 0a9ad000 ObjectTable: fffff8a0005f2f00 HandleCount: Image: dasHost.exe VadRoot fffffa8003d88520 Vads 91 Clone 0 Private 622. Modified 91. Locked 0. DeviceMap fffff8a002487200 Token fffff8a00667b770 ElapsedTime 2 Days 20:09:57.870 UserTime 00:00:00.171 KernelTime 00:00:00.171 QuotaPoolUsage[PagedPool] 147056 QuotaPoolUsage[NonPagedPool] 11888 Working Set Sizes (now,min,max) (2803, 50, 345) (11212KB, 200KB, 1380KB) PeakWorkingSetSize 3077 VirtualSize 68 Mb PeakVirtualSize 80 Mb PageFaultCount 3908 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 881 Setting context for this process... .process /p /r fffffa8003d8f080 !peb PEB at 000007f6e696f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6e73f0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000005342121a00 . 0000005342176340 Ldr.InLoadOrderModuleList: 0000005342121b60 . 0000005342176320 Ldr.InMemoryOrderModuleList: 0000005342121b70 . 0000005342176330 Base TimeStamp Module 7f6e73f0000 5010a616 Jul 26 03:06:14 2012 C:\WINDOWS\system32\dashost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7feede00000 50108618 Jul 26 00:49:44 2012 C:\WINDOWS\system32\dafupnp.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\system32\WINHTTP.dll 7feeef00000 5010a92b Jul 26 03:19:23 2012 C:\WINDOWS\system32\SSDPAPI.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7feec080000 505a9784 Sep 20 05:11:48 2012 C:\WINDOWS\system32\DAFWSD.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7feed4f0000 50108576 Jul 26 00:47:02 2012 C:\WINDOWS\system32\wsdapi.dll 7feed3a0000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\webservices.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\system32\FirewallAPI.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7feebfe0000 505a992d Sep 20 05:18:53 2012 C:\WINDOWS\system32\webio.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\system32\DNSAPI.dll 7fef1d80000 505a9bc8 Sep 20 05:30:00 2012 C:\Windows\System32\Windows.Media.Streaming.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7fef1d20000 5010a00e Jul 26 02:40:30 2012 C:\WINDOWS\system32\upnp.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll SubSystemData: 0000000000000000 ProcessHeap: 0000005342120000 ProcessParameters: 0000005342121200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'dashost.exe' ImageFile: 'C:\WINDOWS\system32\dashost.exe' CommandLine: 'dashost.exe {85609bb3-b0c4-4c8a-a46305af866ce627}' DllPath: '< Name not readable >' Environment: 0000005342120860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa8003d82500 Cid 063c.0640 Teb: 000007f6e696d000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bbe6a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 11259 Ticks: 15729869 (2:20:09:47.529) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address dashost!wmainCRTStartup (0x000007f6e73fbe5c) Stack Init fffff88014f33dd0 Current fffff88014f33900 Base fffff88014f34000 Limit fffff88014f2e000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e29b00 Cid 063c.0124 Teb: 000007f6e6963000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8003e29ea8 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a006688cf0 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679171 Ticks: 61957 (0:00:16:06.535) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SSDPAPI!GetNotificationLoop (0x000007feeef05c38) Stack Init fffff880161a3dd0 Current fffff880161a3660 Base fffff880161a4000 Limit fffff8801619e000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003fc4b00 Cid 063c.0828 Teb: 000007f6e683e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f64cc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679298 Ticks: 61830 (0:00:16:04.554) Context Switch Count 27 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161aadd0 Current fffff880161aa760 Base fffff880161ab000 Limit fffff880161a5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001f23740 Cid 063c.0d28 Teb: 000007f6e6965000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b0d280 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15703645 Ticks: 37483 (0:00:09:44.738) Context Switch Count 1173 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015406dd0 Current fffff88015406760 Base fffff88015407000 Limit fffff88015401000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8003eec940 SessionId: 0 Cid: 07e8 Peb: 7f6fa92f000 ParentCid: 0220 DirBase: 3fdd9000 ObjectTable: fffff8a0006d3f00 HandleCount: Image: svchost.exe VadRoot fffffa8003ef2610 Vads 162 Clone 0 Private 1095. Modified 369. Locked 134. DeviceMap fffff8a002487200 Token fffff8a0027da770 ElapsedTime 2 Days 20:09:34.985 UserTime 00:00:00.374 KernelTime 00:00:00.390 QuotaPoolUsage[PagedPool] 194616 QuotaPoolUsage[NonPagedPool] 32784 Working Set Sizes (now,min,max) (4377, 50, 345) (17508KB, 200KB, 1380KB) PeakWorkingSetSize 4553 VirtualSize 94 Mb PeakVirtualSize 99 Mb PageFaultCount 9698 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1532 Setting context for this process... .process /p /r fffffa8003eec940 !peb PEB at 000007f6fa92f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000005590551a50 . 00000055906143c0 Ldr.InLoadOrderModuleList: 0000005590551bb0 . 00000055906143a0 Ldr.InMemoryOrderModuleList: 0000005590551bc0 . 00000055906143b0 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7feed390000 50108745 Jul 26 00:54:45 2012 c:\windows\system32\fdrespub.dll 7feed4f0000 50108576 Jul 26 00:47:02 2012 c:\windows\system32\wsdapi.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 c:\windows\system32\IPHLPAPI.DLL 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7feed3a0000 50108b7f Jul 26 01:12:47 2012 c:\windows\system32\webservices.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 c:\windows\system32\FirewallAPI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 c:\windows\system32\WINNSI.DLL 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7feed340000 50108597 Jul 26 00:47:35 2012 c:\windows\system32\ssdpsrv.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7feec260000 5010879e Jul 26 00:56:14 2012 C:\Windows\System32\FunDisc.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\system32\WINHTTP.dll 7feebc50000 50108abe Jul 26 01:09:34 2012 C:\WINDOWS\system32\HTTPAPI.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\sspicli.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\system32\wkscli.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\netutils.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7fef4870000 50108a53 Jul 26 01:07:47 2012 c:\windows\system32\ncrypt.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 c:\windows\system32\bcrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 c:\windows\system32\NTASN1.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7feeae40000 50108080 Jul 26 00:25:52 2012 c:\windows\system32\upnphost.dll 7feeef00000 5010a92b Jul 26 03:19:23 2012 c:\windows\system32\SSDPAPI.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef3320000 50108655 Jul 26 00:50:45 2012 C:\Windows\System32\taskschd.dll 7fef0e10000 501086e3 Jul 26 00:53:07 2012 C:\Windows\System32\AppXDeploymentClient.dll 7feeb0a0000 50109358 Jul 26 01:46:16 2012 C:\WINDOWS\System32\AppxPackaging.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7feea6a0000 50109080 Jul 26 01:34:08 2012 C:\WINDOWS\System32\OpcServices.DLL 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7feeafa0000 50109eff Jul 26 02:35:59 2012 C:\WINDOWS\system32\udhisapi.dll 7fee9c10000 50108a97 Jul 26 01:08:55 2012 C:\WINDOWS\system32\CRYPTXML.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef3090000 505a99fd Sep 20 05:22:21 2012 c:\windows\system32\timebrokerserver.dll 7feedf20000 5010abc3 Jul 26 03:30:27 2012 C:\WINDOWS\SYSTEM32\bi.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\Windows\System32\twinapi.dll 7feec370000 5010a4f2 Jul 26 03:01:22 2012 C:\Windows\System32\Windows.ApplicationModel.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\propsys.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fee8450000 505a96ea Sep 20 05:09:14 2012 c:\windows\system32\wsservice.dll SubSystemData: 0000000000000000 ProcessHeap: 0000005590550000 ProcessParameters: 0000005590551200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation' DllPath: '< Name not readable >' Environment: 0000005590550860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa8003ee5800 Cid 07e8.07ec Teb: 000007f6fa92d000 Win32Thread: fffff901006993a0 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039b6c30 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733059 Ticks: 8069 (0:00:02:05.877) Context Switch Count 75 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88016061dd0 Current fffff88016061900 Base fffff88016062000 Limit fffff8801605c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f00080 Cid 07e8.03fc Teb: 000007f6fa92b000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc2620 NotificationEvent fffffa8003e24c40 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679171 Ticks: 61957 (0:00:16:06.535) Context Switch Count 1587 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.109 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016084dd0 Current fffff88016084180 Base fffff88016085000 Limit fffff8801607f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f17080 Cid 07e8.04dc Teb: 000007f6fa923000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f0acc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15685436 Ticks: 55692 (0:00:14:28.800) Context Switch Count 39 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160dfdd0 Current fffff880160df760 Base fffff880160e0000 Limit fffff880160da000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e1e080 Cid 07e8.0608 Teb: 000007f6fa7fa000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80039e2380 NotificationEvent IRP List: fffffa80027a28a0: (0006,01f0) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741084 Ticks: 44 (0:00:00:00.686) Context Switch Count 381 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ssdpsrv!CSsdpSearchRequestManager::DwSearchThreadProc (0x000007feed350ce0) Stack Init fffff880160bcdd0 Current fffff880160bc900 Base fffff880160bd000 Limit fffff880160b7000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003f78080 Cid 07e8.05f8 Teb: 000007f6fa7f6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800366e3e0 SynchronizationEvent fffffa800372e3f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741009 Ticks: 119 (0:00:00:01.856) Context Switch Count 783 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ssdpsrv!CReceiveDataManager::ThreadFunc (0x000007feed3431b0) Stack Init fffff8801600ddd0 Current fffff8801600d180 Base fffff8801600e000 Limit fffff88016008000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003e04080 Cid 07e8.02c8 Teb: 000007f6fa7f4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80039d7940 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679291 Ticks: 61837 (0:00:16:04.663) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016172dd0 Current fffff88016172760 Base fffff88016173000 Limit fffff8801616d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003df94c0 Cid 07e8.0248 Teb: 000007f6fa7ee000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc2620 NotificationEvent fffffa8003e24820 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13514 Ticks: 15727614 (2:20:09:12.350) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016195dd0 Current fffff88016195180 Base fffff88016196000 Limit fffff88016190000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e8d880 Cid 07e8.0544 Teb: 000007f6fa7e6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ea9d30 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 18772 Ticks: 15722356 (2:20:07:50.325) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address FunDisc!CNotificationQueue::ThreadProc (0x000007feec2654c0) Stack Init fffff8801616bdd0 Current fffff8801616b900 Base fffff8801616c000 Limit fffff88016166000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ef7b00 Cid 07e8.04a8 Teb: 000007f6fa7e4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8004018400 SynchronizationEvent fffffa8003d898b0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 18771 Ticks: 15722357 (2:20:07:50.341) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address FunDisc!CRegProvider::ThreadProc (0x000007feec27708c) Stack Init fffff88016099dd0 Current fffff88016099180 Base fffff8801609a000 Limit fffff88016094000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f26080 Cid 07e8.057c Teb: 000007f6fa7e2000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f28380 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679660 Ticks: 61468 (0:00:15:58.906) Context Switch Count 132 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801613add0 Current fffff8801613a760 Base fffff8801613b000 Limit fffff88016135000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ed8b00 Cid 07e8.0874 Teb: 000007f6fa7f2000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e0c640 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679749 Ticks: 61379 (0:00:15:57.518) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162b6dd0 Current fffff880162b6760 Base fffff880162b7000 Limit fffff880162b1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002c4fb00 Cid 07e8.0bd4 Teb: 000007f6fa929000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f5f980 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679738 Ticks: 61390 (0:00:15:57.690) Context Switch Count 95 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801608bdd0 Current fffff8801608b760 Base fffff8801608c000 Limit fffff88016086000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003657b00 Cid 07e8.0734 Teb: 000007f6fa925000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc2620 NotificationEvent fffffa8002c64930 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680365 Ticks: 60763 (0:00:15:47.908) Context Switch Count 1198 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164bddd0 Current fffff880164bd180 Base fffff880164be000 Limit fffff880164b8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001d51080 Cid 07e8.0be0 Teb: 000007f6fa7e0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001cf0cb0 NotificationEvent fffffa80027a8800 SynchronizationEvent IRP List: fffffa8003e1f620: (0006,01f0) Flags: 00060030 Mdl: fffffa80037368b0 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679261 Ticks: 61867 (0:00:16:05.131) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address upnphost!BaseHttpListener::DoReceiveRequestHeadersStub (0x000007feeae57300) Stack Init fffff88015f8edd0 Current fffff88015f8e180 Base fffff88015f8f000 Limit fffff88015f89000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c87b00 Cid 07e8.0b24 Teb: 000007f6fa7d6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c6fa80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 40 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address upnphost!SVSThreadPool::SVSThreadPoolWorkerThread (0x000007feeae863d0) Stack Init fffff8801606fdd0 Current fffff8801606f900 Base fffff88016070000 Limit fffff8801606a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e1ab00 Cid 07e8.0d80 Teb: 000007f6fa7d4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001cf0d30 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 37 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address upnphost!SVSThreadPool::SVSThreadPoolWorkerThread (0x000007feeae863d0) Stack Init fffff8801740ddd0 Current fffff8801740d900 Base fffff8801740e000 Limit fffff88017408000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001d0c080 Cid 07e8.0ca8 Teb: 000007f6fa7cc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dbf240 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679404 Ticks: 61724 (0:00:16:02.900) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801624ddd0 Current fffff8801624d760 Base fffff8801624e000 Limit fffff88016248000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001e1a280 Cid 07e8.0b08 Teb: 000007f6fa7dc000 Win32Thread: fffff90100702b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003642e90 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15729717 Ticks: 11411 (0:00:02:58.012) Context Switch Count 109 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017500dd0 Current fffff880175005f0 Base fffff88017501000 Limit fffff880174fb000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800218f9c0 Cid 07e8.0630 Teb: 000007f6fa7fe000 Win32Thread: fffff901006d7b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80033a39f0 Semaphore Limit 0x1f4 fffffa8002cfe8b0 NotificationEvent fffffa8003dc2620 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740815 Ticks: 313 (0:00:00:04.882) Context Switch Count 272 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161cddd0 Current fffff880161cd180 Base fffff880161ce000 Limit fffff880161c8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 1 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003d84b00 Cid 07e8.0c7c Teb: 000007f6fa927000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e1eb80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736886 Ticks: 4242 (0:00:01:06.175) Context Switch Count 120 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017084dd0 Current fffff88017084760 Base fffff88017085000 Limit fffff8801707f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80030739c0 Cid 07e8.0bb4 Teb: 000007f6fa7fc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e1eb80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741009 Ticks: 119 (0:00:00:01.856) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801506fdd0 Current fffff8801506f760 Base fffff88015070000 Limit fffff8801506a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002ef9b00 Cid 07e8.01f0 Teb: 000007f6fa7ec000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e1eb80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741084 Ticks: 44 (0:00:00:00.686) Context Switch Count 44 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016518dd0 Current fffff88016518760 Base fffff88016519000 Limit fffff88016513000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80041b25c0 Cid 07e8.0f2c Teb: 000007f6fa7f8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036dcbc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740864 Ticks: 264 (0:00:00:04.118) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88002f17dd0 Current fffff88002f17760 Base fffff88002f18000 Limit fffff88002f12000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d3db00 Cid 07e8.0490 Teb: 000007f6fa7f0000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036dcbc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741084 Ticks: 44 (0:00:00:00.686) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801651fdd0 Current fffff8801651f760 Base fffff88016520000 Limit fffff8801651a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003fea3c0 SessionId: 0 Cid: 08a8 Peb: 7f6fb20f000 ParentCid: 0220 DirBase: 4ae86000 ObjectTable: fffff8a000853600 HandleCount: Image: svchost.exe VadRoot fffffa80033ae0b0 Vads 200 Clone 0 Private 822. Modified 304. Locked 656. DeviceMap fffff8a002487200 Token fffff8a0028468b0 ElapsedTime 2 Days 20:09:10.711 UserTime 00:00:00.031 KernelTime 00:00:00.062 QuotaPoolUsage[PagedPool] 102632 QuotaPoolUsage[NonPagedPool] 28944 Working Set Sizes (now,min,max) (2801, 50, 345) (11204KB, 200KB, 1380KB) PeakWorkingSetSize 3009 VirtualSize 836 Mb PeakVirtualSize 1090 Mb PageFaultCount 5937 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1556 Setting context for this process... .process /p /r fffffa8003fea3c0 !peb PEB at 000007f6fb20f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000083e7fd1a40 . 00000083e800c8b0 Ldr.InLoadOrderModuleList: 00000083e7fd1ba0 . 00000083e800c890 Ldr.InMemoryOrderModuleList: 00000083e7fd1bb0 . 00000083e800c8a0 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\System32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef1cc0000 5010839f Jul 26 00:39:11 2012 c:\windows\system32\pnrpsvc.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\sspicli.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\System32\POWRPROF.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\System32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\System32\WINNSI.DLL 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\System32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\System32\dhcpcsvc.DLL 7feefa60000 50109e21 Jul 26 02:32:17 2012 C:\WINDOWS\System32\sqmapi.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7feeef00000 5010a92b Jul 26 03:19:23 2012 C:\WINDOWS\System32\SSDPAPI.DLL 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\System32\profapi.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\System32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\System32\DPAPI.dll 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\System32\ncrypt.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\System32\bcrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\System32\NTASN1.dll 7feeb430000 501080be Jul 26 00:26:54 2012 c:\windows\system32\p2psvc.dll 7feeb3c0000 50108656 Jul 26 00:50:46 2012 c:\windows\system32\P2PGRAPH.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 c:\windows\system32\ESENT.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 C:\WINDOWS\System32\AUTHZ.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\system32\secur32.dll 7feec290000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\system32\pnrpnsp.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\WINDOWS\System32\slc.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7feeaf20000 5010a94c Jul 26 03:19:56 2012 C:\WINDOWS\System32\drttransport.dll 7feeaed0000 5010a958 Jul 26 03:20:08 2012 C:\WINDOWS\System32\drt.dll 7fef4080000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\System32\pcwum.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll SubSystemData: 0000000000000000 ProcessHeap: 00000083e7fd0000 ProcessParameters: 00000083e7fd1200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\System32\svchost.exe' ImageFile: 'C:\WINDOWS\System32\svchost.exe' CommandLine: 'C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet' DllPath: '< Name not readable >' Environment: 00000083e7fd0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa8003fd3600 Cid 08a8.08ac Teb: 000007f6fb20d000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800394a600 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679225 Ticks: 61903 (0:00:16:05.692) Context Switch Count 36 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880162d2dd0 Current fffff880162d2900 Base fffff880162d3000 Limit fffff880162cd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f6fb00 Cid 08a8.08b0 Teb: 000007f6fb20b000 Win32Thread: fffff901000cc010 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739419 Ticks: 1709 (0:00:00:26.660) Context Switch Count 11047 IdealProcessor: 0 UserTime 00:00:00.171 KernelTime 00:00:00.265 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162cbdd0 Current fffff880162cb760 Base fffff880162cc000 Limit fffff880162c6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003857080 Cid 08a8.0990 Teb: 000007f6fb207000 Win32Thread: fffff901006d9b90 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739419 Ticks: 1709 (0:00:00:26.660) Context Switch Count 9229 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.156 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162e7dd0 Current fffff880162e7760 Base fffff880162e8000 Limit fffff880162e2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018fc080 Cid 08a8.0998 Teb: 000007f6fb0de000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f95480 SynchronizationEvent fffffa8003f22720 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15160 Ticks: 15725968 (2:20:08:46.673) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pnrpsvc!CPnrpCloudManager::PnrpRegNotifyThreadProc (0x000007fef1ceb31c) Stack Init fffff8801623edd0 Current fffff8801623e180 Base fffff8801623f000 Limit fffff88016239000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800261b080 Cid 08a8.0a24 Teb: 000007f6fb0da000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003de5620 NotificationEvent fffffa8003613a10 NotificationEvent fffffa8003f33d50 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679813 Ticks: 61315 (0:00:15:56.520) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pnrpsvc!CPnrpCloud::DrtEventThreadProc (0x000007fef1ce6398) Stack Init fffff88015014dd0 Current fffff88015014180 Base fffff88015015000 Limit fffff8801500f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002619080 Cid 08a8.0a54 Teb: 000007f6fb0dc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740763 Ticks: 365 (0:00:00:05.694) Context Switch Count 9809 IdealProcessor: 0 UserTime 00:00:00.124 KernelTime 00:00:00.124 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003ddfdd0 Current fffff88003ddf760 Base fffff88003de0000 Limit fffff88003dda000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80021a3600 Cid 08a8.0ce0 Teb: 000007f6fb0d4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741118 Ticks: 10 (0:00:00:00.156) Context Switch Count 3041 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016485dd0 Current fffff88016485760 Base fffff88016486000 Limit fffff88016480000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800381a080 Cid 08a8.095c Teb: 000007f6fb203000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003673f60 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679761 Ticks: 61367 (0:00:15:57.331) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880163dddd0 Current fffff880163dd900 Base fffff880163de000 Limit fffff880163d8000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001e5db00 Cid 08a8.091c Teb: 000007f6fb0d8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e3d3c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679779 Ticks: 61349 (0:00:15:57.050) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88016179dd0 Current fffff880161797a0 Base fffff8801617a000 Limit fffff88016174000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8004146080 Cid 08a8.0ad0 Teb: 000007f6fb209000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8004146428 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a0067d5770 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740815 Ticks: 313 (0:00:00:04.882) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SSDPAPI!CThreadBase::DwThreadProc (0x000007feeef0a9e8) Stack Init fffff880159bddd0 Current fffff880159bd660 Base fffff880159be000 Limit fffff880159b8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002772940 SessionId: 0 Cid: 0bac Peb: 7f7e166e000 ParentCid: 0288 DirBase: 2428a000 ObjectTable: fffff8a0008cc040 HandleCount: Image: dllhost.exe VadRoot fffffa8003fa2240 Vads 54 Clone 0 Private 225. Modified 15. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a006a68060 ElapsedTime 2 Days 20:08:02.445 UserTime 00:00:00.031 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 64096 QuotaPoolUsage[NonPagedPool] 6848 Working Set Sizes (now,min,max) (1473, 50, 345) (5892KB, 200KB, 1380KB) PeakWorkingSetSize 1504 VirtualSize 33 Mb PeakVirtualSize 38 Mb PageFaultCount 1669 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 361 Setting context for this process... .process /p /r fffffa8002772940 !peb PEB at 000007f7e166e000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f7e2350000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000005158f31a10 . 0000005158f5e0b0 Ldr.InLoadOrderModuleList: 0000005158f31b70 . 0000005158f5e1b0 Ldr.InMemoryOrderModuleList: 0000005158f31b80 . 0000005158f5e1c0 Base TimeStamp Module 7f7e2350000 50108850 Jul 26 00:59:12 2012 C:\WINDOWS\system32\DllHost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7feea8a0000 50108740 Jul 26 00:54:40 2012 C:\WINDOWS\System32\IDStore.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\system32\SAMLIB.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\PROPSYS.dll 7feea620000 501081c6 Jul 26 00:31:18 2012 C:\WINDOWS\System32\wlidprov.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\System32\UxTheme.dll SubSystemData: 0000000000000000 ProcessHeap: 0000005158f30000 ProcessParameters: 0000005158f31170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\DllHost.exe' ImageFile: 'C:\WINDOWS\system32\DllHost.exe' CommandLine: 'C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}' DllPath: '< Name not readable >' Environment: 0000005158f30860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8002c5c080 Cid 0bac.0bb0 Teb: 000007f7e166c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e75190 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 19238 Ticks: 15721890 (2:20:07:43.055) Context Switch Count 41 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address DllHost!wWinMainCRTStartup (0x000007f7e23511d4) Stack Init fffff88014e3edd0 Current fffff88014e3e900 Base fffff88014e3f000 Limit fffff88014e39000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80018ea5c0 Cid 0bac.0bc0 Teb: 000007f7e1664000 Win32Thread: fffff90100671b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8002767d30 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736660 Ticks: 4468 (0:00:01:09.701) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880151d4dd0 Current fffff880151d45f0 Base fffff880151d5000 Limit fffff880151cf000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002e1fb00 Cid 0bac.087c Teb: 000007f7e1538000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa8002e5a960 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 15711974 Ticks: 29154 (0:00:07:34.805) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff88016254dd0 Current fffff88016254180 Base fffff88016255000 Limit fffff8801624f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f7c080 Cid 0bac.0a78 Teb: 000007f7e166a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002dbcc80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 15710136 Ticks: 30992 (0:00:08:03.478) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158b8dd0 Current fffff880158b8760 Base fffff880158b9000 Limit fffff880158b3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa80038e6940 SessionId: 0 Cid: 0270 Peb: 7f79c425000 ParentCid: 0220 DirBase: 3a2aa000 ObjectTable: fffff8a006c77c40 HandleCount: Image: SearchIndexer.exe VadRoot fffffa80037ce380 Vads 242 Clone 0 Private 1502. Modified 1352. Locked 1. DeviceMap fffff8a00000c340 Token fffff8a0069e5930 ElapsedTime 2 Days 20:07:06.627 UserTime 00:00:00.031 KernelTime 00:00:00.109 QuotaPoolUsage[PagedPool] 173944 QuotaPoolUsage[NonPagedPool] 31280 Working Set Sizes (now,min,max) (3413, 50, 345) (13652KB, 200KB, 1380KB) PeakWorkingSetSize 3807 VirtualSize 493 Mb PeakVirtualSize 730 Mb PageFaultCount 8551 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 3928 Setting context for this process... .process /p /r fffffa80038e6940 !peb PEB at 000007f79c425000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f79ccf0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000423aa919b0 . 0000004245856710 Ldr.InLoadOrderModuleList: 000000423aa91b10 . 00000042458566f0 Ldr.InMemoryOrderModuleList: 000000423aa91b20 . 0000004245856700 Base TimeStamp Module 7f79ccf0000 505a9407 Sep 20 04:56:55 2012 C:\WINDOWS\system32\SearchIndexer.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7feec6d0000 505a97d5 Sep 20 05:13:09 2012 C:\WINDOWS\system32\TQUERY.DLL 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7feec4c0000 505a937f Sep 20 04:54:39 2012 C:\WINDOWS\system32\MSSRCH.DLL 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 C:\WINDOWS\system32\ESENT.dll 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\sspicli.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7feedb60000 50108a0f Jul 26 01:06:39 2012 C:\WINDOWS\system32\Msidle.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\system32\POWRPROF.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\propsys.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7feefad0000 505a9581 Sep 20 05:03:13 2012 C:\WINDOWS\system32\VSSAPI.DLL 7feefab0000 505a99e6 Sep 20 05:21:58 2012 C:\WINDOWS\system32\VssTrace.DLL 7fef3790000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\DSROLE.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\system32\samcli.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\netutils.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\system32\SAMLIB.dll 7fef3570000 50108647 Jul 26 00:50:31 2012 C:\WINDOWS\system32\es.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\cfgmgr32.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\USERENV.dll 7fee9180000 5010823d Jul 26 00:33:17 2012 C:\WINDOWS\System32\NaturalLanguage6.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7feefc60000 505a94c2 Sep 20 05:00:02 2012 C:\WINDOWS\system32\mssprxy.dll 7fef2e40000 5010a2a5 Jul 26 02:51:33 2012 C:\WINDOWS\system32\elscore.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef2fa0000 5010a9c6 Jul 26 03:21:58 2012 C:\WINDOWS\system32\ElsLad.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\system32\Bcp47Langs.dll 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll SubSystemData: 0000000000000000 ProcessHeap: 000000423aa90000 ProcessParameters: 000000423aa91170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\SearchIndexer.exe' ImageFile: 'C:\WINDOWS\system32\SearchIndexer.exe' CommandLine: 'C:\WINDOWS\system32\SearchIndexer.exe /Embedding' DllPath: '< Name not readable >' Environment: 000000423aac5ea0 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc TMP=C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa800260e700 Cid 0270.0750 Teb: 000007f79c42e000 Win32Thread: fffff901006c9b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036bfc70 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 132 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address SearchIndexer!WinMainCRTStartup (0x000007f79cd16f2c) Stack Init fffff8801643fdd0 Current fffff8801643f900 Base fffff88016440000 Limit fffff8801643a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b9d080 Cid 0270.047c Teb: 000007f79c428000 Win32Thread: fffff901006af610 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003254860 SynchronizationEvent fffffa800395a460 SynchronizationEvent fffffa80038b67a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 34436 Ticks: 15706692 (2:20:03:45.965) Context Switch Count 281 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.078 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88016477dd0 Current fffff88016477180 Base fffff88016478000 Limit fffff88016472000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e86880 Cid 0270.0454 Teb: 000007f79c426000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80026a0420 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 63311 Ticks: 15677817 (2:19:56:15.512) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88015037dd0 Current fffff88015037900 Base fffff88015038000 Limit fffff88015032000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003dd9b00 Cid 0270.06d8 Teb: 000007f79c2fe000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003994450 SynchronizationEvent fffffa8003d9ecb0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 25664 Ticks: 15715464 (2:20:06:02.809) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88014fc6dd0 Current fffff88014fc6180 Base fffff88014fc7000 Limit fffff88014fc1000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80027deb00 Cid 0270.0474 Teb: 000007f79c2fc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800383e380 NotificationEvent fffffa8003822860 NotificationEvent IRP List: fffffa8002d8e010: (0006,01f0) Flags: 00060800 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15682394 Ticks: 58734 (0:00:15:16.256) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address TQUERY!CThread::_ThreadFunction (0x000007feec7619e0) Stack Init fffff88015550dd0 Current fffff88015550180 Base fffff88015551000 Limit fffff8801554b000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039d5b00 Cid 0270.0b84 Teb: 000007f79c2f8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bd14c0 SynchronizationEvent fffffa8003f87ec0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740796 Ticks: 332 (0:00:00:05.179) Context Switch Count 71 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.046 Win32 Start Address MSSRCH!CTimerThread::Thread (0x000007feec5139e4) Stack Init fffff880164d2dd0 Current fffff880164d2180 Base fffff880164d3000 Limit fffff880164cd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80038a8080 Cid 0270.080c Teb: 000007f79c2f6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80031af3e0 SynchronizationEvent fffffa8003fdc6a0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741118 Ticks: 10 (0:00:00:00.156) Context Switch Count 341 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address MSSRCH!CBackoffTimerThread::Thread (0x000007feec4c5cc8) Stack Init fffff8801557add0 Current fffff8801557a180 Base fffff8801557b000 Limit fffff88015575000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003f1fb00 Cid 0270.086c Teb: 000007f79c2f4000 Win32Thread: fffff901006b53a0 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393fc90 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740796 Ticks: 332 (0:00:00:05.179) Context Switch Count 719 IdealProcessor: 0 UserTime 00:00:00.249 KernelTime 00:00:00.046 Win32 Start Address MSSRCH!CRobotThread::Thread (0x000007feec5626d0) Stack Init fffff8801650add0 Current fffff8801650a0f0 Base fffff8801650b000 Limit fffff88016505000 Call 0 Priority 8 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003b03080 Cid 0270.08ec Teb: 000007f79c2f2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f8be90 NotificationEvent fffffa8003882380 NotificationEvent fffffa8003ee2c50 NotificationEvent IRP List: fffffa80018ad010: (0006,03e8) Flags: 00060800 Mdl: fffffa8004144300 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740132 Ticks: 996 (0:00:00:15.537) Context Switch Count 11133 IdealProcessor: 0 UserTime 00:00:00.499 KernelTime 00:00:00.499 Win32 Start Address MSSRCH!CUsnMonitorNotifier::MonitorThreadStatic (0x000007feec55cc48) Stack Init fffff88016511dd0 Current fffff88016511180 Base fffff88016512000 Limit fffff8801650c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001df9900 Cid 0270.0778 Teb: 000007f79c2f0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8001c40640 NotificationEvent IRP List: fffffa800261ed40: (0006,01f0) Flags: 00060900 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740879 Ticks: 249 (0:00:00:03.884) Context Switch Count 337 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.000 Win32 Start Address TQUERY!CThread::_ThreadFunction (0x000007feec7619e0) Stack Init fffff880165ffdd0 Current fffff880165ff900 Base fffff88016600000 Limit fffff880165fa000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80038857c0 Cid 0270.0ee8 Teb: 000007f79c423000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037a1680 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15708736 Ticks: 32392 (0:00:08:25.318) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015887dd0 Current fffff88015887760 Base fffff88015888000 Limit fffff88015882000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8001c4b080 SessionId: 0 Cid: 0ba8 Peb: 7f765435000 ParentCid: 0220 DirBase: 3c709000 ObjectTable: fffff8a000643200 HandleCount: Image: wmpnetwk.exe VadRoot fffffa8003012a20 Vads 151 Clone 0 Private 1119. Modified 1203. Locked 38. DeviceMap fffff8a0007b8aa0 Token fffff8a0066c3940 ElapsedTime 2 Days 20:05:55.272 UserTime 00:00:00.000 KernelTime 00:00:00.078 QuotaPoolUsage[PagedPool] 170680 QuotaPoolUsage[NonPagedPool] 25888 Working Set Sizes (now,min,max) (2099, 50, 345) (8396KB, 200KB, 1380KB) PeakWorkingSetSize 4035 VirtualSize 83 Mb PeakVirtualSize 86 Mb PageFaultCount 7272 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1441 Setting context for this process... .process /p /r fffffa8001c4b080 !peb PEB at 000007f765435000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f765da0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000072b7ae1a70 . 00000072b8d28010 Ldr.InLoadOrderModuleList: 00000072b7ae1bd0 . 00000072b8d27ff0 Ldr.InMemoryOrderModuleList: 00000072b7ae1be0 . 00000072b8d28000 Base TimeStamp Module 7f765da0000 505a9af1 Sep 20 05:26:25 2012 C:\Program Files\Windows Media Player\wmpnetwk.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef0ec0000 5010a986 Jul 26 03:20:54 2012 C:\WINDOWS\SYSTEM32\WSOCK32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\USERENV.dll 7feec170000 501089f6 Jul 26 01:06:14 2012 C:\WINDOWS\SYSTEM32\Cabinet.dll 7fef3820000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\SYSTEM32\NETAPI32.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\WTSAPI32.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\SYSTEM32\PROPSYS.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\XmlLite.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\system32\combase.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\SYSTEM32\WINNSI.DLL 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\SYSTEM32\profapi.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\SYSTEM32\netutils.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\WINDOWS\SYSTEM32\srvcli.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\SYSTEM32\wkscli.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\SYSTEM32\WINSTA.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\SHCORE.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feefc50000 5010a84b Jul 26 03:15:39 2012 C:\WINDOWS\SYSTEM32\LINKINFO.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\SYSTEM32\apphelp.dll 7fee97e0000 50108ecf Jul 26 01:26:55 2012 C:\WINDOWS\system32\NetworkExplorer.dll 7feefcc0000 50108aeb Jul 26 01:10:19 2012 C:\WINDOWS\SYSTEM32\MPR.dll 7feed800000 5010a7dd Jul 26 03:13:49 2012 C:\WINDOWS\System32\drprov.dll 7feed610000 5010899a Jul 26 01:04:42 2012 C:\WINDOWS\System32\ntlanman.dll 7feed5f0000 50109f75 Jul 26 02:37:57 2012 C:\WINDOWS\System32\davclnt.dll 7feed5e0000 5010a9ce Jul 26 03:22:06 2012 C:\WINDOWS\System32\DAVHLPR.dll 7feec6d0000 505a97d5 Sep 20 05:13:09 2012 C:\WINDOWS\system32\tquery.dll 7fee96d0000 505a923d Sep 20 04:49:17 2012 C:\WINDOWS\SYSTEM32\wmpmde.dll 7fee9600000 505a965d Sep 20 05:06:53 2012 C:\WINDOWS\SYSTEM32\MFPlat.DLL 7fef2e30000 505ab36d Sep 20 07:10:53 2012 C:\WINDOWS\SYSTEM32\AVRT.dll 7fee9c40000 505ab510 Sep 20 07:17:52 2012 C:\WINDOWS\SYSTEM32\mfcore.dll 7feefcf0000 50108849 Jul 26 00:59:05 2012 C:\WINDOWS\SYSTEM32\ksuser.dll 7feebc50000 50108abe Jul 26 01:09:34 2012 C:\WINDOWS\SYSTEM32\HTTPAPI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fee9560000 505a937e Sep 20 04:54:38 2012 C:\WINDOWS\system32\WinSATAPI.dll 7fef2380000 505a9aaa Sep 20 05:25:14 2012 C:\WINDOWS\system32\dxgi.dll 7fef6380000 50108728 Jul 26 00:54:16 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16384_none_72771d4ecc1c3a4d\gdiplus.dll 7fee9430000 5010adc4 Jul 26 03:39:00 2012 C:\Windows\System32\msmpeg2enc.dll 7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\Windows\System32\slc.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7feed870000 501087a9 Jul 26 00:56:25 2012 C:\WINDOWS\system32\mlang.dll 7fee9390000 505aa5d5 Sep 20 06:12:53 2012 C:\WINDOWS\System32\StructuredQuery.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\System32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\SSPICLI.DLL 7feeae40000 50108080 Jul 26 00:25:52 2012 C:\WINDOWS\system32\upnphost.dll 7feeef00000 5010a92b Jul 26 03:19:23 2012 C:\WINDOWS\system32\SSDPAPI.dll 7feec140000 501087d9 Jul 26 00:57:13 2012 C:\WINDOWS\system32\wbem\wbemprox.dll 7feeeae0000 5010880b Jul 26 00:58:03 2012 C:\WINDOWS\SYSTEM32\wbemcomn.dll 7fef1f50000 501089e9 Jul 26 01:06:01 2012 C:\WINDOWS\system32\wbem\wbemsvc.dll 7feebc60000 501087eb Jul 26 00:57:31 2012 C:\WINDOWS\system32\wbem\fastprox.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\Windows\System32\FirewallAPI.dll 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll 7feefc60000 505a94c2 Sep 20 05:00:02 2012 C:\WINDOWS\system32\mssprxy.dll 7feec0d0000 5010804c Jul 26 00:25:00 2012 C:\WINDOWS\System32\provsvc.dll SubSystemData: 0000000000000000 ProcessHeap: 00000072b7ae0000 ProcessParameters: 00000072b7ae11f0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\Program Files\Windows Media Player\wmpnetwk.exe' ImageFile: 'C:\Program Files\Windows Media Player\wmpnetwk.exe' CommandLine: '"C:\Program Files\Windows Media Player\wmpnetwk.exe"' DllPath: '< Name not readable >' Environment: 00000072b7af57a0 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\NetworkService\AppData\Local NUMBER_OF_PROCESSORS=2 OANOCACHE=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\Windows\ServiceProfiles\NetworkService windir=C:\WINDOWS THREAD fffffa80018a6080 Cid 0ba8.03f8 Teb: 000007f76543e000 Win32Thread: fffff901006ef290 WAIT: (UserRequest) UserMode Non-Alertable fffffa80033e5220 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 147 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.046 Win32 Start Address wmpnetwk!wWinMainCRTStartup (0x000007f765e6d170) Stack Init fffff88015ecadd0 Current fffff88015eca900 Base fffff88015ecb000 Limit fffff88015ec5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c8e680 Cid 0ba8.0820 Teb: 000007f765438000 Win32Thread: fffff901006f5010 WAIT: (UserRequest) UserMode Alertable fffffa8001d4b860 SynchronizationEvent fffffa8001ca5130 SynchronizationEvent fffffa8001d4d740 NotificationEvent fffffa8003818f20 SynchronizationEvent fffffa8003ea24e0 SynchronizationEvent fffffa8003e03140 SynchronizationEvent fffffa8001c09420 SynchronizationEvent fffffa8003ea2460 SynchronizationEvent fffffa8003863310 SynchronizationEvent IRP List: fffffa8003704c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15682130 Ticks: 58998 (0:00:15:20.374) Context Switch Count 727 IdealProcessor: 0 UserTime 00:00:00.140 KernelTime 00:00:00.062 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88016565dd0 Current fffff88016565180 Base fffff88016566000 Limit fffff88016560000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001ca1b00 Cid 0ba8.05f4 Teb: 000007f76530e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c0ad30 SynchronizationEvent fffffa8001c0acb0 SynchronizationEvent fffffa8003982ce0 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 27465 Ticks: 15713663 (2:20:05:34.713) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wmpnetwk!ATL::CWorkerThread::_WorkerThreadProc (0x000007f765de565c) Stack Init fffff880154e1dd0 Current fffff880154e1180 Base fffff880154e2000 Limit fffff880154dc000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cd9800 Cid 0ba8.07f4 Teb: 000007f76530c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c11c50 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 27466 Ticks: 15713662 (2:20:05:34.698) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wmpnetwk!CHMESharedLibraryMonitor::_RegistryWatchProc (0x000007f765e1e828) Stack Init fffff88015478dd0 Current fffff88015478900 Base fffff88015479000 Limit fffff88015473000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c55b00 Cid 0ba8.033c Teb: 000007f76530a000 Win32Thread: fffff901006f2710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bf3db0 SynchronizationEvent fffffa8003bdea28 NotificationEvent fffffa8003db1798 NotificationEvent IRP List: fffffa80018cac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15682395 Ticks: 58733 (0:00:15:16.240) Context Switch Count 818 IdealProcessor: 0 UserTime 00:00:00.655 KernelTime 00:00:00.468 Win32 Start Address wmpnetwk!CHMELibraryPathMonitor::_FolderWatchProc (0x000007f765e1f45c) Stack Init fffff880154e8dd0 Current fffff880154e8180 Base fffff880154e9000 Limit fffff880154e3000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cc3080 Cid 0ba8.055c Teb: 000007f765306000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8001c89ac0 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 28059 Ticks: 15713069 (2:20:05:25.447) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015f2cdd0 Current fffff88015f2c7a0 Base fffff88015f2d000 Limit fffff88015f27000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cc3700 Cid 0ba8.05dc Teb: 000007f765304000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001c89a00 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 28062 Ticks: 15713066 (2:20:05:25.400) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015045dd0 Current fffff88015045760 Base fffff88015046000 Limit fffff88015040000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c73b00 Cid 0ba8.06b0 Teb: 000007f765302000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c85e10 NotificationEvent fffffa8001c85e90 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15683120 Ticks: 58008 (0:00:15:04.930) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wmpnetwk!CRMELibraryInfoResponder::_RefreshPortsThread (0x000007f765e3d394) Stack Init fffff88015f4fdd0 Current fffff88015f4f180 Base fffff88015f50000 Limit fffff88015f4a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001d7f080 Cid 0ba8.0ad4 Teb: 000007f7652fa000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d81460 NotificationEvent fffffa8001c6e960 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15740879 Ticks: 249 (0:00:00:03.884) Context Switch Count 397 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address tquery!CRowsetAsynchNotification::_NotifyThread (0x000007feec7718e8) Stack Init fffff88016334dd0 Current fffff88016334180 Base fffff88016335000 Limit fffff8801632f000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800419c9c0 Cid 0ba8.03dc Teb: 000007f765308000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dc8b80 QueueObject IRP List: fffffa8001c62230: (0006,0118) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15692903 Ticks: 48225 (0:00:12:32.314) Context Switch Count 411 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170b5dd0 Current fffff880170b5760 Base fffff880170b6000 Limit fffff880170b0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001df5080 Cid 0ba8.0cb8 Teb: 000007f765300000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dc8b80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15679441 Ticks: 61687 (0:00:16:02.323) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017580dd0 Current fffff88017580760 Base fffff88017581000 Limit fffff8801757b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8001d07940 SessionId: 1 Cid: 0acc Peb: 7f68f055000 ParentCid: 0ae4 DirBase: 3b81b000 ObjectTable: 00000000 HandleCount: 0. Image: explorer.exe VadRoot 0000000000000000 Vads 0 Clone 0 Private 6. Modified 11652. Locked 0. DeviceMap fffff8a006b36d60 Token fffff8a001380060 ElapsedTime 2 Days 20:05:20.434 UserTime 00:00:02.698 KernelTime 00:00:02.808 QuotaPoolUsage[PagedPool] 0 QuotaPoolUsage[NonPagedPool] 0 Working Set Sizes (now,min,max) (5, 50, 345) (20KB, 200KB, 1380KB) PeakWorkingSetSize 26782 VirtualSize 0 Mb PeakVirtualSize 513 Mb PageFaultCount 64065 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 0 Setting context for this process... .process /p /r fffffa8001d07940 !peb PEB at 000007f68f055000 error 1 InitTypeRead( nt!_PEB at 000007f68f055000)... No active threads PROCESS fffffa8001f4b940 SessionId: 2 Cid: 0a3c Peb: 7f6a5f5f000 ParentCid: 011c DirBase: 604c7000 ObjectTable: 00000000 HandleCount: 0. Image: smss.exe VadRoot 0000000000000000 Vads 0 Clone 0 Private 6. Modified 16. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a001ae65e0 ElapsedTime 2 Days 19:55:57.065 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 1088 QuotaPoolUsage[NonPagedPool] 0 Working Set Sizes (now,min,max) (5, 50, 345) (20KB, 200KB, 1380KB) PeakWorkingSetSize 158 VirtualSize 0 Mb PeakVirtualSize 5 Mb PageFaultCount 156 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 0 Setting context for this process... .process /p /r fffffa8001f4b940 !peb PEB at 000007f6a5f5f000 error 1 InitTypeRead( nt!_PEB at 000007f6a5f5f000)... No active threads PROCESS fffffa80020b0080 SessionId: 2 Cid: 0cdc Peb: 7f768c3f000 ParentCid: 0a3c DirBase: 5e728000 ObjectTable: fffff8a0035fd400 HandleCount: Image: csrss.exe VadRoot fffffa800215e1b0 Vads 92 Clone 0 Private 251. Modified 3384. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a00353a060 ElapsedTime 2 Days 19:55:56.909 UserTime 00:00:00.000 KernelTime 00:00:00.795 QuotaPoolUsage[PagedPool] 150264 QuotaPoolUsage[NonPagedPool] 18688 Working Set Sizes (now,min,max) (1068, 50, 345) (4272KB, 200KB, 1380KB) PeakWorkingSetSize 9535 VirtualSize 57 Mb PeakVirtualSize 61 Mb PageFaultCount 99816 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 442 Setting context for this process... .process /p /r fffffa80020b0080 !peb PEB at 000007f768c3f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f7697f0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000005c8d171680 . 0000005c8d18a990 Ldr.InLoadOrderModuleList: 0000005c8d1717e0 . 0000005c8d18adf0 Ldr.InMemoryOrderModuleList: 0000005c8d1717f0 . 0000005c8d18ae00 Base TimeStamp Module 7f7697f0000 5010ac39 Jul 26 03:32:25 2012 C:\WINDOWS\system32\csrss.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef4e80000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\system32\CSRSRV.dll 7fef4e60000 5010ac2a Jul 26 03:32:10 2012 C:\WINDOWS\system32\basesrv.DLL 7fef4e20000 505a9a3c Sep 20 05:23:24 2012 C:\WINDOWS\system32\winsrv.DLL 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\SYSTEM32\kernelbase.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\SYSTEM32\kernel32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef4e10000 5010aa9e Jul 26 03:25:34 2012 C:\WINDOWS\system32\sxssrv.DLL 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\system32\sxs.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll SubSystemData: 0000000000000000 ProcessHeap: 0000005c8d170000 ProcessParameters: 0000005c8d170d00 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: '< Name not readable >' ImageFile: 'C:\WINDOWS\system32\csrss.exe' CommandLine: '%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16' DllPath: '< Name not readable >' Environment: 0000005c8d170860 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM windir=C:\WINDOWS THREAD fffffa8001c22080 Cid 0cdc.03d8 Teb: 000007f768c3b000 Win32Thread: fffff901000bab90 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8001c22428 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a00311e770 : queued at port fffffa8003781330 : owned by process fffffa8003740540 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 136 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address winsrv!TerminalServerRequestThread (0x000007fef4e21cb0) Stack Init fffff880170aedd0 Current fffff880170ae660 Base fffff880170af000 Limit fffff880170a9000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002126b00 Cid 0cdc.0a20 Teb: 000007f768c39000 Win32Thread: fffff90100661b90 WAIT: (UserRequest) UserMode Alertable fffffa80018936a0 SynchronizationEvent fffffa8001fb3fe0 SynchronizationEvent fffffa80033e2ee0 SynchronizationEvent fffffa80033ee280 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15680790 Ticks: 60338 (0:00:15:41.278) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.358 Win32 Start Address winsrv!NotificationThread (0x000007fef4e21630) Stack Init fffff880165a6dd0 Current fffff880165a6180 Base fffff880165a7000 Limit fffff880165a1000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001f57080 Cid 0cdc.0a04 Teb: 000007f768c35000 Win32Thread: fffff901000b7220 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8001f57428 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741024 Ticks: 104 (0:00:00:01.622) Context Switch Count 328 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.093 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff88017045dd0 Current fffff88017045750 Base fffff88017046000 Limit fffff88017040000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80021a5b00 Cid 0cdc.0a84 Teb: 000007f768c33000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80021a5ea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 65253 Ticks: 15675875 (2:19:55:45.217) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address CSRSRV!CsrSbApiRequestThread (0x000007fef4e83d10) Stack Init fffff880165addd0 Current fffff880165ad7a0 Base fffff880165ae000 Limit fffff880165a8000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800207fb00 Cid 0cdc.0e6c Teb: 000007f768c3d000 Win32Thread: fffff90100755680 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa800207fea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741089 Ticks: 39 (0:00:00:00.608) Context Switch Count 343 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.046 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff880171e7dd0 Current fffff880171e7750 Base fffff880171e8000 Limit fffff880171e2000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80021ca080 Cid 0cdc.0868 Teb: 000007f768b0e000 Win32Thread: fffff901001a9b90 WAIT: (WrUserRequest) KernelMode Alertable fffffa80020e4cb0 SynchronizationEvent fffffa8001e4ea00 NotificationTimer fffffa8003de3c00 SynchronizationTimer fffffa8001990080 SynchronizationEvent IRP List: fffffa800267c6a0: (0006,0478) Flags: 00060970 Mdl: 00000000 fffffa80021bdc10: (0006,03e8) Flags: 00060900 Mdl: fffffa8002c89a60 fffffa8002137c10: (0006,03e8) Flags: 00060900 Mdl: fffffa8003e0b1a0 fffffa8001ed1b40: (0006,04c0) Flags: 00060900 Mdl: fffffa80037d1010 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 47974 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.577 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff8801718edd0 Current fffff8801718e810 Base fffff8801718f000 Limit fffff88017189000 Call 0 Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800419ab00 Cid 0cdc.0bfc Teb: 000007f768b0c000 Win32Thread: fffff901001af850 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8002dd7320 SynchronizationEvent fffffa8003f11640 SynchronizationEvent fffffa80020fc060 SynchronizationEvent IRP List: fffffa8003f3dab0: (0006,0550) Flags: 00060970 Mdl: 00000000 fffffa8002599b80: (0006,0478) Flags: 00060970 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 45172 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:01.965 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff88017318dd0 Current fffff880173187e0 Base fffff88017319000 Limit fffff88017313000 Call 0 Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80041b2b00 Cid 0cdc.0e94 Teb: 000007f768b0a000 Win32Thread: fffff901000ec4d0 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80041b2ea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740890 Ticks: 238 (0:00:00:03.712) Context Switch Count 299 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.046 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff88017378dd0 Current fffff88017378750 Base fffff88017379000 Limit fffff88017373000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003625080 Cid 0cdc.0344 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff8801503eb90 NotificationTimer fffffa8003db3180 SynchronizationEvent fffffa8003dd9820 SynchronizationEvent fffffa8002c46b60 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015) Context Switch Count 15913 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.530 Win32 Start Address cdd!PresentWorkerThread (0xfffff960008a95e8) Stack Init fffff8801503edd0 Current fffff8801503e820 Base fffff8801503f000 Limit fffff88015039000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80033cc080 Cid 0cdc.0d0c Teb: 000007f768b08000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80033cc428 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 65556 Ticks: 15675572 (2:19:55:40.490) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!AutoRotationRequestThread (0x000007fef4e21910) Stack Init fffff88017267dd0 Current fffff88017267750 Base fffff88017268000 Limit fffff88017262000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa800417d940 SessionId: 2 Cid: 0a28 Peb: 7f66fc54000 ParentCid: 0a3c DirBase: 6d36d000 ObjectTable: fffff8a00192a600 HandleCount: Image: winlogon.exe VadRoot fffffa80038c8e30 Vads 54 Clone 0 Private 184. Modified 1018. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a006dc9b00 ElapsedTime 2 Days 19:55:55.536 UserTime 00:00:00.000 KernelTime 00:00:00.015 QuotaPoolUsage[PagedPool] 102496 QuotaPoolUsage[NonPagedPool] 7040 Working Set Sizes (now,min,max) (1170, 50, 345) (4680KB, 200KB, 1380KB) PeakWorkingSetSize 2185 VirtualSize 46 Mb PeakVirtualSize 67 Mb PageFaultCount 2802 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 291 Setting context for this process... .process /p /r fffffa800417d940 !peb PEB at 000007f66fc54000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f670420000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000596b721500 . 000000596b72c4a0 Ldr.InLoadOrderModuleList: 000000596b721660 . 000000596b72c480 Ldr.InMemoryOrderModuleList: 000000596b721670 . 000000596b72c490 Base TimeStamp Module 7f670420000 505a996c Sep 20 05:19:56 2012 C:\WINDOWS\System32\WinLogon.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\System32\samcli.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\System32\WINSTA.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\System32\WTSAPI32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\System32\profapi.dll 7fef3d70000 505ab02f Sep 20 06:57:03 2012 C:\WINDOWS\System32\UXINIT.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\System32\UxTheme.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.DLL 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\SspiCli.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7feefcc0000 50108aeb Jul 26 01:10:19 2012 C:\WINDOWS\System32\MPR.dll SubSystemData: 0000000000000000 ProcessHeap: 000000596b720000 ProcessParameters: 000000596b720d00 CurrentDirectory: 'C:\WINDOWS\System32\' WindowTitle: '< Name not readable >' ImageFile: 'C:\WINDOWS\System32\WinLogon.exe' CommandLine: 'C:\WINDOWS\System32\WinLogon.exe -SpecialSession' DllPath: '< Name not readable >' Environment: 000000596b72e4a0 ALLUSERSPROFILE=C:\ProgramData CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8002112b00 Cid 0a28.0520 Teb: 000007f66fc5e000 Win32Thread: fffff901000b8360 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003fcb740 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800417d940 Image: winlogon.exe Attached Process N/A Image: N/A Wait Start TickCount 15681145 Ticks: 59983 (0:00:15:35.740) Context Switch Count 375 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.327 Win32 Start Address WinLogon!WinMainCRTStartup (0x000007f670437010) Stack Init fffff8801706fdd0 Current fffff8801706f900 Base fffff88017070000 Limit fffff8801706a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001f2bb00 Cid 0a28.0d98 Teb: 000007f66fc5a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003013100 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800417d940 Image: winlogon.exe Attached Process N/A Image: N/A Wait Start TickCount 65543 Ticks: 15675585 (2:19:55:40.693) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017241dd0 Current fffff88017241760 Base fffff88017242000 Limit fffff8801723c000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c20b00 Cid 0a28.0bcc Teb: 000007f66fb2e000 Win32Thread: fffff901000eeb90 WAIT: (WrQueue) UserMode Alertable fffffa8003977b80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800417d940 Image: winlogon.exe Attached Process N/A Image: N/A Wait Start TickCount 15680821 Ticks: 60307 (0:00:15:40.795) Context Switch Count 134 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801737fdd0 Current fffff8801737f760 Base fffff88017380000 Limit fffff8801737a000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8001f413c0 SessionId: 2 Cid: 0dac Peb: 7f7df883000 ParentCid: 0a28 DirBase: 38e80000 ObjectTable: 00000000 HandleCount: 0. Image: LogonUI.exe VadRoot 0000000000000000 Vads 0 Clone 0 Private 6. Modified 371. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a007f0fb00 ElapsedTime 2 Days 19:55:53.967 UserTime 00:00:00.202 KernelTime 00:00:00.140 QuotaPoolUsage[PagedPool] 2448 QuotaPoolUsage[NonPagedPool] 0 Working Set Sizes (now,min,max) (5, 50, 345) (20KB, 200KB, 1380KB) PeakWorkingSetSize 7373 VirtualSize 0 Mb PeakVirtualSize 229 Mb PageFaultCount 9442 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 0 Setting context for this process... .process /p /r fffffa8001f413c0 !peb PEB at 000007f7df883000 error 1 InitTypeRead( nt!_PEB at 000007f7df883000)... No active threads PROCESS fffffa8002109940 SessionId: 2 Cid: 06f8 Peb: 7f7f6aa3000 ParentCid: 0a28 DirBase: 6f209000 ObjectTable: fffff8a001ea0e40 HandleCount: Image: dwm.exe VadRoot fffffa8002698970 Vads 139 Clone 0 Private 3052. Modified 6608. Locked 623. DeviceMap fffff8a001f34aa0 Token fffff8a00193f9b0 ElapsedTime 2 Days 19:55:53.967 UserTime 00:00:00.171 KernelTime 00:00:00.078 QuotaPoolUsage[PagedPool] 306440 QuotaPoolUsage[NonPagedPool] 17856 Working Set Sizes (now,min,max) (6437, 50, 345) (25748KB, 200KB, 1380KB) PeakWorkingSetSize 9820 VirtualSize 176 Mb PeakVirtualSize 254 Mb PageFaultCount 45073 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 13202 Setting context for this process... .process /p /r fffffa8002109940 !peb PEB at 000007f7f6aa3000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f7f6f40000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000cd54841800 . 000000cd57ebee00 Ldr.InLoadOrderModuleList: 000000cd54841960 . 000000cd57ebede0 Ldr.InMemoryOrderModuleList: 000000cd54841970 . 000000cd57ebedf0 Base TimeStamp Module 7f7f6f40000 505a9726 Sep 20 05:10:14 2012 C:\WINDOWS\System32\dwm.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.dll 7fef3520000 505a999e Sep 20 05:20:46 2012 C:\WINDOWS\System32\dwmredir.dll 7fef2c00000 505a9729 Sep 20 05:10:17 2012 C:\WINDOWS\System32\dwmcore.dll 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef29d0000 501089dc Jul 26 01:05:48 2012 C:\WINDOWS\System32\dcomp.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\System32\WindowsCodecs.dll 7fef1b90000 501087bd Jul 26 00:56:45 2012 C:\WINDOWS\System32\d3d10_1.dll 7fef1090000 501087ec Jul 26 00:57:32 2012 C:\WINDOWS\System32\d3d10_1core.dll 7fef2380000 505a9aaa Sep 20 05:25:14 2012 C:\WINDOWS\System32\dxgi.dll 7fef1fb0000 505a98f1 Sep 20 05:17:53 2012 C:\WINDOWS\System32\d3d11.dll 7fee9f00000 4f6bfb79 Mar 23 04:26:33 2012 C:\WINDOWS\System32\igd10umd64.dll 7feeff50000 505a95fa Sep 20 05:05:14 2012 C:\WINDOWS\System32\uDWM.dll 7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\WINDOWS\System32\slc.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef1b10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\System32\UIAnimation.dll 7fee7e50000 505a9a61 Sep 20 05:24:01 2012 C:\WINDOWS\System32\d2d1.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\XmlLite.dll 7fef14a0000 505a9a60 Sep 20 05:24:00 2012 C:\WINDOWS\System32\d3d10warp.dll SubSystemData: 0000000000000000 ProcessHeap: 000000cd54840000 ProcessParameters: 000000cd54841030 CurrentDirectory: 'C:\WINDOWS\System32\' WindowTitle: 'dwm.exe' ImageFile: 'C:\WINDOWS\System32\dwm.exe' CommandLine: ' -hiberboot' DllPath: '< Name not readable >' Environment: 000000cd54840860 ALLUSERSPROFILE=C:\ProgramData CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa80020c9b00 Cid 06f8.06c4 Teb: 000007f7f6aae000 Win32Thread: fffff90100668710 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040a7c60 SynchronizationEvent fffffa800413ac40 SynchronizationEvent fffffa80038b18c0 SynchronizationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15686357 Ticks: 54771 (0:00:14:14.433) Context Switch Count 116 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address dwm!WinMainStartup (0x000007f7f6f45de0) Stack Init fffff88017363dd0 Current fffff88017363180 Base fffff88017364000 Limit fffff8801735e000 Call 0 Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001db2740 Cid 06f8.00c4 Teb: 000007f7f6aaa000 Win32Thread: fffff90100664b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002761a30 Semaphore Limit 0x7fffffff fffffa80031ab3c0 SynchronizationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 17216 IdealProcessor: 0 UserTime 00:00:00.249 KernelTime 00:00:00.327 Win32 Start Address dwm!CPortBase::PortThread (0x000007f7f6f44380) Stack Init fffff8801705add0 Current fffff8801705a180 Base fffff8801705b000 Limit fffff88017055000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e3f680 Cid 06f8.0f30 Teb: 000007f7f6aa4000 Win32Thread: fffff9010060bb90 WAIT: (UserRequest) KernelMode Alertable fffffa8003ed20f0 NotificationEvent fffffa8003feafe0 NotificationEvent fffffa8003896670 NotificationEvent fffffa8002670e60 NotificationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15741122 Ticks: 6 (0:00:00:00.093) Context Switch Count 8229 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.109 Win32 Start Address dwmcore!CLocalSurfaceManager::s_TokenThreadMain (0x000007fef2c98060) Stack Init fffff88016431dd0 Current fffff88016430ce0 Base fffff88016432000 Limit fffff8801642c000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001cc4b00 Cid 06f8.0960 Teb: 000007f7f6aa8000 Win32Thread: fffff9010060cb90 WAIT: (UserRequest) KernelMode Non-Alertable fffffa8003fe6318 NotificationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 14600 IdealProcessor: 0 UserTime 00:00:05.725 KernelTime 00:00:02.652 Win32 Start Address dwmcore!CPartitionThread::ThreadMain (0x000007fef2c969b0) Stack Init fffff88016423dd0 Current fffff88016423600 Base fffff88016424000 Limit fffff8801641e000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001d01080 Cid 06f8.0d08 Teb: 000007f7f6aa6000 Win32Thread: fffff901001fa830 WAIT: (UserRequest) UserMode Alertable fffffa8002dfc460 SynchronizationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15730707 Ticks: 10421 (0:00:02:42.568) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address uDWM!CDesktopManager::DwmEventThreadProc (0x000007feeff5e3d0) Stack Init fffff8801627edd0 Current fffff8801627e0f0 Base fffff8801627f000 Limit fffff88016279000 Call 0 Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e75680 Cid 06f8.0600 Teb: 000007f7f697c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001dde1c0 QueueObject Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15698397 Ticks: 42731 (0:00:11:06.607) Context Switch Count 76 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170dfdd0 Current fffff880170df760 Base fffff880170e0000 Limit fffff880170da000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8002cf71c0 SessionId: 2 Cid: 02a0 Peb: 7f7ccb0e000 ParentCid: 0220 DirBase: 0f530000 ObjectTable: fffff8a006786500 HandleCount: Image: taskhostex.exe VadRoot fffffa8002199f80 Vads 236 Clone 0 Private 1375. Modified 234. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a007e27060 ElapsedTime 00:15:41.330 UserTime 00:00:00.577 KernelTime 00:00:00.296 QuotaPoolUsage[PagedPool] 204128 QuotaPoolUsage[NonPagedPool] 34656 Working Set Sizes (now,min,max) (3438, 50, 345) (13752KB, 200KB, 1380KB) PeakWorkingSetSize 3847 VirtualSize 243 Mb PeakVirtualSize 246 Mb PageFaultCount 7514 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1826 Job fffffa8002cfa260 Setting context for this process... .process /p /r fffffa8002cf71c0 !peb PEB at 000007f7ccb0e000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f7cd6a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000010583819f0 . 00000010583b6400 Ldr.InLoadOrderModuleList: 0000001058381b50 . 00000010583b63e0 Ldr.InMemoryOrderModuleList: 0000001058381b60 . 00000010583b63f0 Base TimeStamp Module 7f7cd6a0000 505a9a09 Sep 20 05:22:33 2012 C:\WINDOWS\system32\taskhostex.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\system32\dwmapi.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef3630000 5010a6c7 Jul 26 03:09:11 2012 C:\WINDOWS\System32\PlaySndSrv.dll 7fef3510000 5010a4dd Jul 26 03:01:01 2012 C:\WINDOWS\system32\MsCtfMonitor.dll 7feec440000 5010a965 Jul 26 03:20:21 2012 C:\WINDOWS\system32\MSUTB.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\wininet.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 C:\WINDOWS\system32\ESENT.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\system32\SHCORE.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef1070000 501086a8 Jul 26 00:52:08 2012 C:\WINDOWS\system32\WINMM.dll 7feedb10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\system32\WINMMBASE.dll 7feefd40000 50109e21 Jul 26 02:32:17 2012 C:\Program Files\Internet Explorer\sqmapi.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\system32\POWRPROF.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\USERENV.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll SubSystemData: 0000000000000000 ProcessHeap: 0000001058380000 ProcessParameters: 00000010583811e0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\taskhostex.exe' ImageFile: 'C:\WINDOWS\system32\taskhostex.exe' CommandLine: 'taskhostex.exe ' DllPath: '< Name not readable >' Environment: 0000001058380860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa800374a700 Cid 02a0.0980 Teb: 000007f7ccb0c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e37f20 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15680792 Ticks: 60336 (0:00:15:41.247) Context Switch Count 26 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address taskhostex!wWinMainCRTStartup (0x000007f7cd6a9608) Stack Init fffff880163b6dd0 Current fffff880163b6900 Base fffff880163b7000 Limit fffff880163b1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039bbb00 Cid 02a0.0f48 Teb: 000007f7ccb08000 Win32Thread: fffff901000ecb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e1b3c0 NotificationEvent fffffa8003ec84c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15687600 Ticks: 53528 (0:00:13:55.042) Context Switch Count 126 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskhostex!ComTaskMgrWnd::MsgPumpThreadProc (0x000007f7cd6a458c) Stack Init fffff880171aadd0 Current fffff880171aa180 Base fffff880171ab000 Limit fffff880171a5000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80030af080 Cid 02a0.0ba0 Teb: 000007f7cc9da000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800276c5f0 NotificationEvent fffffa8003f553e0 NotificationEvent IRP List: fffffa8001c26010: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8001d7b010: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8001d4aaf0: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f8c310: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8001de9c10: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa80040dcb10: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f2fee0: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa80038bb420: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa80037cd590: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f49010: (0006,0118) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15680792 Ticks: 60336 (0:00:15:41.247) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address PlaySndSrv!CBeepRedirector::WorkThread (0x000007fef36325d8) Stack Init fffff8801720add0 Current fffff8801720a180 Base fffff8801720b000 Limit fffff88017205000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80031e7080 Cid 02a0.074c Teb: 000007f7cc9d8000 Win32Thread: fffff9010064a710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002771140 NotificationEvent fffffa8003931250 NotificationEvent fffffa8001df6490 NotificationEvent fffffa8001c81320 NotificationEvent fffffa8001cce1e0 NotificationEvent fffffa8001ceb320 NotificationEvent fffffa8001c94570 NotificationEvent fffffa8001c5d710 NotificationEvent fffffa8001f96370 NotificationEvent fffffa8001d0f2f0 NotificationEvent fffffa8004122ee0 NotificationEvent fffffa8002df1880 NotificationEvent fffffa80032553e0 SynchronizationEvent fffffa800210fd60 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15687600 Ticks: 53528 (0:00:13:55.042) Context Switch Count 53 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address MsCtfMonitor!MsCtfMonitor::ThreadProc (0x000007fef3512210) Stack Init fffff88017203dd0 Current fffff88017203180 Base fffff88017204000 Limit fffff880171fe000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cea840 Cid 02a0.0958 Teb: 000007f7ccb04000 Win32Thread: fffff90100642b90 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8001ceabe8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 797 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address MSCTF!CCtfServerPort::StaticServerThread (0x000007fef5d44c84) Stack Init fffff880171d2dd0 Current fffff880171d2750 Base fffff880171d3000 Limit fffff880171cd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800412a5c0 Cid 02a0.0d70 Teb: 000007f7cc9de000 Win32Thread: fffff90100648610 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa800385bc60 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15740914 Ticks: 214 (0:00:00:03.338) Context Switch Count 214 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WINMM!mciwindow (0x000007fef1071130) Stack Init fffff8801726edd0 Current fffff8801726e5f0 Base fffff8801726f000 Limit fffff88017269000 Call 0 Priority 12 BasePriority 10 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002cfab00 Cid 02a0.00dc Teb: 000007f7cc9d6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80041a35c0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15681194 Ticks: 59934 (0:00:15:34.976) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88017507dd0 Current fffff88017507900 Base fffff88017508000 Limit fffff88017502000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ffa900 Cid 02a0.0644 Teb: 000007f7cc9d0000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003b61500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15736636 Ticks: 4492 (0:00:01:10.075) Context Switch Count 540 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88015f1edd0 Current fffff88015f1e7a0 Base fffff88015f1f000 Limit fffff88015f19000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80036d9040 Cid 02a0.0c14 Teb: 000007f7cc9dc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003888240 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15736512 Ticks: 4616 (0:00:01:12.010) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003027dd0 Current fffff88003027760 Base fffff88003028000 Limit fffff88003022000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002685440 Cid 02a0.0e70 Teb: 000007f7cc9d4000 Win32Thread: fffff901042861b0 WAIT: (WrQueue) UserMode Alertable fffffa8003888240 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15737277 Ticks: 3851 (0:00:01:00.075) Context Switch Count 22 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e14dd0 Current fffff88014e14760 Base fffff88014e15000 Limit fffff88014e0f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d6f700 Cid 02a0.0da8 Teb: 000007f7cc9ce000 Win32Thread: fffff901042b3b90 WAIT: (WrQueue) UserMode Alertable fffffa8003888240 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15740914 Ticks: 214 (0:00:00:03.338) Context Switch Count 43 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e30dd0 Current fffff88014e30760 Base fffff88014e31000 Limit fffff88014e2b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003ed3600 SessionId: 2 Cid: 0d68 Peb: 7f68f17f000 ParentCid: 0824 DirBase: 40d5c000 ObjectTable: fffff8a006897040 HandleCount: Image: explorer.exe VadRoot fffffa8002d30260 Vads 865 Clone 0 Private 7319. Modified 4136. Locked 5209. DeviceMap fffff8a000290b20 Token fffff8a006b5a8c0 ElapsedTime 00:15:40.752 UserTime 00:00:00.514 KernelTime 00:00:00.842 QuotaPoolUsage[PagedPool] 1287264 QuotaPoolUsage[NonPagedPool] 124288 Working Set Sizes (now,min,max) (117592, 50, 345) (470368KB, 200KB, 1380KB) PeakWorkingSetSize 118144 VirtualSize 545 Mb PeakVirtualSize 548 Mb PageFaultCount 244272 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 8899 Setting context for this process... .process /p /r fffffa8003ed3600 !peb PEB at 000007f68f17f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f68f660000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000000000c81a30 . 000000001151aeb0 Ldr.InLoadOrderModuleList: 0000000000c81b90 . 000000001151ae90 Ldr.InMemoryOrderModuleList: 0000000000c81ba0 . 000000001151aea0 Base TimeStamp Module 7f68f660000 50107dbc Jul 26 00:14:04 2012 C:\WINDOWS\Explorer.EXE 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\SHCORE.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\SYSTEM32\UxTheme.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\dwmapi.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\USERENV.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\SYSTEM32\SspiCli.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\SYSTEM32\PROPSYS.dll 7fef6380000 50108728 Jul 26 00:54:16 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16384_none_72771d4ecc1c3a4d\gdiplus.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\SYSTEM32\profapi.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\WINDOWS\SYSTEM32\DUI70.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\Comctl32.dll 7fef2a80000 5010846e Jul 26 00:42:38 2012 C:\WINDOWS\SYSTEM32\DUser.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\SYSTEM32\wkscli.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\SYSTEM32\netutils.dll 7fef2420000 505a924c Sep 20 04:49:32 2012 C:\Windows\System32\Windows.UI.Immersive.dll 7fef2a40000 5010809d Jul 26 00:26:21 2012 C:\WINDOWS\SYSTEM32\SndVolSSO.DLL 7fef4070000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\SYSTEM32\HID.DLL 7fef25f0000 505a994b Sep 20 05:19:23 2012 C:\WINDOWS\System32\MMDevApi.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\Windows\System32\oleacc.dll 7fee78a0000 50108d4c Jul 26 01:20:28 2012 C:\WINDOWS\system32\explorerframe.dll 7feefc50000 5010a84b Jul 26 03:15:39 2012 C:\WINDOWS\SYSTEM32\LINKINFO.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\SYSTEM32\apphelp.dll 7fef26b0000 50108ae9 Jul 26 01:10:17 2012 C:\WINDOWS\System32\shdocvw.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\SYSTEM32\WINSTA.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\Windows\System32\twinapi.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\Windows\System32\XmlLite.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\SYSTEM32\Bcp47Langs.dll 7fee5e30000 505aa9a3 Sep 20 06:29:07 2012 C:\Windows\System32\twinui.dll 7fef0030000 50108240 Jul 26 00:33:20 2012 C:\Windows\System32\windows.immersiveshell.serviceprovider.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\WTSAPI32.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\SYSTEM32\WindowsCodecs.dll 7feeb690000 505a958e Sep 20 05:03:26 2012 C:\WINDOWS\System32\wpncore.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\WINDOWS\SYSTEM32\slc.dll 7fef0c10000 5010a631 Jul 26 03:06:41 2012 C:\WINDOWS\SYSTEM32\sppc.dll 7feea260000 50108a84 Jul 26 01:08:36 2012 C:\WINDOWS\system32\dwrite.dll 7fef1b10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\System32\UIAnimation.dll 7fef2380000 505a9aaa Sep 20 05:25:14 2012 C:\WINDOWS\SYSTEM32\dxgi.dll 7fef1fb0000 505a98f1 Sep 20 05:17:53 2012 C:\WINDOWS\SYSTEM32\d3d11.dll 7fee9f00000 4f6bfb79 Mar 23 04:26:33 2012 C:\WINDOWS\SYSTEM32\igd10umd64.dll 7fef29d0000 501089dc Jul 26 01:05:48 2012 C:\WINDOWS\SYSTEM32\dcomp.dll 7feea8a0000 50108740 Jul 26 00:54:40 2012 C:\WINDOWS\System32\IDStore.dll 7feea620000 501081c6 Jul 26 00:31:18 2012 C:\WINDOWS\System32\wlidprov.dll 7feed830000 501080ee Jul 26 00:27:42 2012 C:\Windows\System32\thumbcache.dll 7fef2670000 50108012 Jul 26 00:24:02 2012 C:\Windows\System32\InputSwitch.dll 7fef2e40000 5010a2a5 Jul 26 02:51:33 2012 C:\WINDOWS\SYSTEM32\elscore.dll 7fef2fa0000 5010a9c6 Jul 26 03:21:58 2012 C:\WINDOWS\system32\ElsLad.dll 7fef1130000 50108750 Jul 26 00:54:56 2012 C:\WINDOWS\SYSTEM32\UIAutomationCore.dll 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7feeeb70000 50107f98 Jul 26 00:22:00 2012 C:\Windows\System32\MrmCoreR.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\SYSTEM32\Bcrypt.dll 7fef3610000 501089a5 Jul 26 01:04:53 2012 C:\WINDOWS\SYSTEM32\windows.globalization.fontgroups.dll 7fee8200000 505a91b3 Sep 20 04:46:59 2012 C:\WINDOWS\system32\authui.dll 7feec1d0000 50107fc9 Jul 26 00:22:49 2012 C:\WINDOWS\system32\stobject.dll 7fef1790000 505ab1e6 Sep 20 07:04:22 2012 C:\WINDOWS\system32\BatMeter.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\SYSTEM32\SAMLIB.dll 7feefc90000 50107eb2 Jul 26 00:18:10 2012 C:\WINDOWS\system32\SettingSyncInfo.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\SYSTEM32\Secur32.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef16f0000 505a956d Sep 20 05:02:53 2012 C:\Windows\System32\Windows.Networking.Connectivity.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\SYSTEM32\WINNSI.DLL 7fef03b0000 5063dc6b Sep 27 05:56:11 2012 C:\WINDOWS\SYSTEM32\wlanapi.dll 7feef950000 501089d7 Jul 26 01:05:43 2012 C:\WINDOWS\SYSTEM32\wcmapi.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7fef1450000 505a9285 Sep 20 04:50:29 2012 C:\WINDOWS\System32\wpnprv.dll 7fef2660000 501089f9 Jul 26 01:06:17 2012 C:\WINDOWS\SYSTEM32\TimeBrokerClient.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef3570000 50108647 Jul 26 00:50:31 2012 C:\WINDOWS\system32\es.dll 7fef13d0000 501097cc Jul 26 02:05:16 2012 C:\WINDOWS\system32\prnfldr.dll 7feeb5f0000 501081fa Jul 26 00:32:10 2012 C:\WINDOWS\system32\WINSPOOL.DRV 7fef3670000 501089ed Jul 26 01:06:05 2012 C:\WINDOWS\SYSTEM32\SystemEventsBrokerClient.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\SYSTEM32\winhttp.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\SYSTEM32\DNSAPI.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\SYSTEM32\DPAPI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0f70000 50108147 Jul 26 00:29:11 2012 C:\WINDOWS\System32\shacct.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\SYSTEM32\samcli.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7feeb960000 50108eb7 Jul 26 01:26:31 2012 C:\WINDOWS\system32\dxp.dll 7fef2f80000 5010a280 Jul 26 02:50:56 2012 C:\WINDOWS\system32\Syncreg.dll 7feeb8e0000 505a97c3 Sep 20 05:12:51 2012 C:\WINDOWS\SYSTEM32\AUDIOSES.DLL 7fef16d0000 501092e9 Jul 26 01:44:25 2012 C:\WINDOWS\system32\wpdshserviceobj.dll 7fef1390000 5010814b Jul 26 00:29:15 2012 C:\Windows\System32\PortableDeviceTypes.dll 7feeda70000 501081ce Jul 26 00:31:26 2012 C:\Windows\System32\PortableDeviceApi.dll 7feeb810000 50109e19 Jul 26 02:32:09 2012 C:\Program Files\Windows Portable Devices\SqmApi.dll 7fef0ee0000 50108ea5 Jul 26 01:26:13 2012 C:\WINDOWS\system32\SettingMonitor.dll 7feefd20000 50109bd1 Jul 26 02:22:25 2012 C:\WINDOWS\System32\IME\SHARED\IMEROAMING.DLL 7feefd00000 505a94b8 Sep 20 04:59:52 2012 C:\WINDOWS\system32\PackageStateRoaming.dll 7feeb770000 50109564 Jul 26 01:55:00 2012 C:\WINDOWS\System32\cscui.dll 7fef30c0000 5010a9be Jul 26 03:21:50 2012 C:\WINDOWS\System32\CSCDLL.dll 7fef30d0000 5010a183 Jul 26 02:46:43 2012 C:\WINDOWS\System32\cscobj.dll 7feed810000 501080a3 Jul 26 00:26:27 2012 C:\WINDOWS\System32\AltTab.dll 7feec150000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\SYSTEM32\CSCAPI.dll 7feeb260000 50107edf Jul 26 00:18:55 2012 C:\WINDOWS\System32\pnidui.dll 7fef2f70000 50109f4f Jul 26 02:37:19 2012 C:\WINDOWS\System32\NcaApi.dll 7feeb710000 501096a5 Jul 26 02:00:21 2012 C:\WINDOWS\System32\srchadmin.dll 7feed2f0000 5010825a Jul 26 00:33:46 2012 C:\WINDOWS\system32\NetworkStatus.dll 7feefc60000 505a94c2 Sep 20 05:00:02 2012 C:\WINDOWS\system32\mssprxy.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL 7feebfa0000 50108006 Jul 26 00:23:50 2012 C:\Windows\System32\bthprops.cpl 7feeec50000 5010871d Jul 26 00:54:05 2012 C:\Windows\System32\BluetoothApis.dll 7fee73d0000 501095ae Jul 26 01:56:14 2012 C:\WINDOWS\System32\SyncCenter.dll 7fee4770000 505a980d Sep 20 05:14:05 2012 C:\Windows\System32\ieframe.dll 7fee9e20000 50109167 Jul 26 01:37:59 2012 C:\WINDOWS\System32\Actioncenter.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 C:\WINDOWS\System32\wevtapi.dll 7feeacd0000 501098cf Jul 26 02:09:35 2012 C:\Windows\System32\imapi2.dll 7fee9300000 50108083 Jul 26 00:25:55 2012 C:\WINDOWS\System32\hgcpl.dll 7feec0d0000 5010804c Jul 26 00:25:00 2012 C:\WINDOWS\System32\provsvc.dll 7fef21b0000 5010a6ed Jul 26 03:09:49 2012 C:\Windows\System32\qmgrprxy.dll 7fef2400000 5010882e Jul 26 00:58:38 2012 C:\Windows\System32\Windows.Networking.Sockets.PushEnabledApplication.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\SYSTEM32\ncrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\SYSTEM32\NTASN1.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7feec1a0000 50109479 Jul 26 01:51:05 2012 C:\WINDOWS\SYSTEM32\apprepapi.dll 7fef2b40000 50108183 Jul 26 00:30:11 2012 C:\WINDOWS\SYSTEM32\ntshrui.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\WINDOWS\SYSTEM32\srvcli.dll 7fee97e0000 50108ecf Jul 26 01:26:55 2012 C:\WINDOWS\system32\NetworkExplorer.dll 7feefcc0000 50108aeb Jul 26 01:10:19 2012 C:\WINDOWS\SYSTEM32\MPR.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fee6e10000 50107f0a Jul 26 00:19:38 2012 C:\Program Files\Internet Explorer\ieproxy.dll 7feeb860000 5010982f Jul 26 02:06:55 2012 C:\WINDOWS\system32\PhotoMetadataHandler.dll 7fee5b70000 5010891b Jul 26 01:02:35 2012 C:\WINDOWS\SYSTEM32\MsftEdit.dll 7fee5a80000 501083e8 Jul 26 00:40:24 2012 C:\Windows\System32\Windows.Globalization.dll 7fee6830000 505a964f Sep 20 05:06:39 2012 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 7fee30c0000 5010908d Jul 26 01:34:21 2012 C:\WINDOWS\system32\UIRibbon.dll 7fee5790000 5010ac85 Jul 26 03:33:41 2012 C:\WINDOWS\SYSTEM32\UIRibbonRes.dll 7feed800000 5010a7dd Jul 26 03:13:49 2012 C:\WINDOWS\System32\drprov.dll 7feed610000 5010899a Jul 26 01:04:42 2012 C:\WINDOWS\System32\ntlanman.dll 7feed5f0000 50109f75 Jul 26 02:37:57 2012 C:\WINDOWS\System32\davclnt.dll 7feed5e0000 5010a9ce Jul 26 03:22:06 2012 C:\WINDOWS\System32\DAVHLPR.dll 7fee9390000 505aa5d5 Sep 20 06:12:53 2012 C:\WINDOWS\System32\StructuredQuery.dll 7fee5710000 5010967d Jul 26 01:59:41 2012 C:\Windows\System32\dlnashext.dll 7fef3050000 5010a2cd Jul 26 02:52:13 2012 C:\Windows\System32\DevDispItemProvider.dll 7fee72f0000 50109745 Jul 26 02:03:01 2012 C:\Windows\System32\EhStorShell.dll 7fef0be0000 5010a043 Jul 26 02:41:23 2012 C:\WINDOWS\System32\wscinterop.dll 7feedf40000 50107eeb Jul 26 00:19:07 2012 C:\WINDOWS\System32\WSCAPI.dll 7feefe20000 50108df3 Jul 26 01:23:15 2012 C:\WINDOWS\System32\wscui.cpl 7fee2d90000 50108bcd Jul 26 01:14:05 2012 C:\WINDOWS\System32\werconcpl.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\WINDOWS\System32\VERSION.dll 7feed650000 501081cc Jul 26 00:31:24 2012 C:\WINDOWS\System32\wer.dll 7feefdc0000 50108819 Jul 26 00:58:17 2012 C:\WINDOWS\System32\framedynos.dll 7feefda0000 501098db Jul 26 02:09:47 2012 C:\WINDOWS\System32\wercplsupport.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7fef3680000 50109b69 Jul 26 02:20:41 2012 C:\WINDOWS\System32\hcproviders.dll 7fef1780000 50108826 Jul 26 00:58:30 2012 C:\WINDOWS\system32\keepaliveprovider.dll 7feedc20000 5010a948 Jul 26 03:19:52 2012 C:\WINDOWS\SYSTEM32\pcacli.dll 7feeef30000 5010a9de Jul 26 03:22:22 2012 C:\WINDOWS\System32\sfc_os.dll 7feee830000 5010809e Jul 26 00:26:22 2012 C:\WINDOWS\system32\timedate.cpl 7fef3800000 5010a3e0 Jul 26 02:56:48 2012 C:\WINDOWS\system32\ATL.DLL 7feead60000 505a99fd Sep 20 05:22:21 2012 C:\Windows\System32\WinTypes.dll SubSystemData: 0000000000000000 ProcessHeap: 0000000000c80000 ProcessParameters: 0000000000c81210 CurrentDirectory: 'C:\WINDOWS\System32\' WindowTitle: 'Microsoft.Windows.Explorer' ImageFile: 'C:\WINDOWS\Explorer.EXE' CommandLine: 'C:\WINDOWS\Explorer.EXE' DllPath: '< Name not readable >' Environment: 0000000000c80860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8001e3a480 Cid 0d68.0cb4 Teb: 000007f68f17d000 Win32Thread: fffff9010064ab90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003efb930 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738182 Ticks: 2946 (0:00:00:45.957) Context Switch Count 7313 IdealProcessor: 0 UserTime 00:00:00.218 KernelTime 00:00:00.249 Win32 Start Address Explorer!wWinMainCRTStartup (0x000007f68f699430) Stack Init fffff8801724fdd0 Current fffff8801724f770 Base fffff88017250000 Limit fffff8801724a000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80037b4080 Cid 0d68.0638 Teb: 000007f68f179000 Win32Thread: fffff9010063e5b0 RUNNING on processor 1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 18325 IdealProcessor: 0 UserTime 00:00:00.280 KernelTime 00:00:00.405 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880159e3fd0 Current fffff880171fc7f0 Base fffff880159e4000 Limit fffff880159de000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002794b00 Cid 0d68.0428 Teb: 000007f68f177000 Win32Thread: fffff90103e90b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040783f0 SynchronizationEvent fffffa8003fb6690 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff880171d9dd0 Current fffff880171d9180 Base fffff880171da000 Limit fffff880171d4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80033fc480 Cid 0d68.0964 Teb: 000007f68f04a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f2bca0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15739761 Ticks: 1367 (0:00:00:21.325) Context Switch Count 47 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880172b5dd0 Current fffff880172b50f0 Base fffff880172b6000 Limit fffff880172b0000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80018d2500 Cid 0d68.096c Teb: 000007f68f04e000 Win32Thread: fffff90103ec63a0 WAIT: (UserRequest) UserMode Alertable fffffa800203eaf0 NotificationEvent fffffa8001ff8b30 NotificationEvent fffffa80020a75a0 NotificationEvent fffffa8001fec130 NotificationEvent fffffa800399b060 NotificationEvent fffffa8001c36280 NotificationEvent fffffa8003a05650 NotificationEvent fffffa800413d460 NotificationEvent fffffa8001e8bfb8 NotificationEvent fffffa800269c680 NotificationEvent fffffa8002634130 NotificationEvent fffffa800203e1e0 NotificationEvent fffffa800203e160 NotificationEvent fffffa8003fedc70 NotificationEvent fffffa80018f4160 NotificationEvent fffffa8002c4c700 NotificationEvent fffffa8001f0c420 NotificationEvent fffffa8003fa6f90 NotificationEvent fffffa8001d1bfe0 NotificationEvent fffffa80039615b0 NotificationEvent fffffa80030b3140 NotificationEvent fffffa8001ddb490 NotificationEvent fffffa8003612970 NotificationEvent fffffa8003808740 NotificationEvent fffffa800276aad0 NotificationEvent fffffa8003dc7a10 NotificationEvent fffffa800267f550 NotificationEvent fffffa8002637fe0 NotificationEvent fffffa80036a1940 NotificationEvent fffffa8001fa0930 NotificationEvent fffffa8004030d70 NotificationEvent fffffa8003f8bfe0 NotificationEvent fffffa8001f25b10 NotificationEvent fffffa8003f94060 NotificationEvent fffffa8002632690 NotificationEvent fffffa8002df12f0 SynchronizationEvent IRP List: fffffa80021b7c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001e22150: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80036c3af0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80036c8550: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800338b830: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001e3ac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001d85c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003707c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80037f5310: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80027ff7c0: (0006,01f0) Flags: 00060000 Mdl: fffffa800205ad00 fffffa80033981f0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003856810: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8004159c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800392fc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003f7cc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003f80480: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001ebac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15731604 Ticks: 9524 (0:00:02:28.575) Context Switch Count 592 IdealProcessor: 0 UserTime 00:00:00.156 KernelTime 00:00:00.062 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880172cfdd0 Current fffff880172cf180 Base fffff880172d0000 Limit fffff880172ca000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f0ca00 Cid 0d68.03b4 Teb: 000007f68f048000 Win32Thread: fffff90103ede780 READY on processor 1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 83236 IdealProcessor: 0 UserTime 00:00:05.101 KernelTime 00:00:04.976 Win32 Start Address windows_immersiveshell_serviceprovider!CImmersiveShellController::s_ImmersiveShellComponentsThreadProc (0x000007fef0033564) Stack Init fffff8801729ddd0 Current fffff8801729d7d0 Base fffff8801729e000 Limit fffff88017298000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001cf9080 Cid 0d68.0ea0 Teb: 000007f68f046000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c96ae0 SynchronizationTimer fffffa8001c9ff60 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740436 Ticks: 692 (0:00:00:10.795) Context Switch Count 72 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address twinui!MemWatcherMonitorThreadProc (0x000007fee5e31060) Stack Init fffff880172e4dd0 Current fffff880172e4180 Base fffff880172e5000 Limit fffff880172df000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003841740 Cid 0d68.03a0 Teb: 000007f68f040000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffff802b3d181e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address twinui!CImmersiveWatermark::s_NotificationWindowDisplay (0x000007fee5f06ed4) Stack Init fffff880172dddd0 Current fffff880172dc030 Base fffff880172de000 Limit fffff880172d8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003fdb940 Cid 0d68.0af8 Teb: 000007f68f03a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bd0060 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88017340dd0 Current fffff88017340900 Base fffff88017341000 Limit fffff8801733b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c4d800 Cid 0d68.0204 Teb: 000007f68f038000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003dc8060 NotificationEvent fffffa8001cdd210 SynchronizationEvent fffffa80040db060 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 *** ERROR: Symbol file could not be found. Defaulted to export symbols for sppc.dll - Win32 Start Address sppc (0x000007fef0c16208) Stack Init fffff8801735cdd0 Current fffff8801735c180 Base fffff8801735d000 Limit fffff88017357000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c30b00 Cid 0d68.0218 Teb: 000007f68f036000 Win32Thread: fffff90103efeb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80031e8060 SynchronizationEvent fffffa8002c9d760 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15726086 Ticks: 15042 (0:00:03:54.656) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address DUI70!DirectUI::StyleSheetCache::CCacheThread::s_ThreadProc (0x000007fef220cb24) Stack Init fffff88017430dd0 Current fffff88017430180 Base fffff88017431000 Limit fffff8801742b000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80040cc4c0 Cid 0d68.0200 Teb: 000007f68f030000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa800385be90 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff8801758edd0 Current fffff8801758e180 Base fffff8801758f000 Limit fffff88017589000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003098380 Cid 0d68.0ecc Teb: 000007f68f028000 Win32Thread: fffff90103efa680 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003618060 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 21 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88017484dd0 Current fffff880174845f0 Base fffff88017485000 Limit fffff8801747f000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002196600 Cid 0d68.01bc Teb: 000007f68f024000 Win32Thread: fffff90103f00b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001d6bdc0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 24 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801753cdd0 Current fffff8801753c5f0 Base fffff8801753d000 Limit fffff88017537000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002d88b00 Cid 0d68.0390 Teb: 000007f68f022000 Win32Thread: fffff90103f00710 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80038b9220 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738781 Ticks: 2347 (0:00:00:36.613) Context Switch Count 303 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff8801748bdd0 Current fffff8801748b5f0 Base fffff8801748c000 Limit fffff88017486000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80040667c0 Cid 0d68.0d3c Teb: 000007f68f026000 Win32Thread: fffff90103f08b90 READY on processor 0 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 3843 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.062 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801747ddd0 Current fffff8801747d700 Base fffff8801747e000 Limit fffff88017478000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80040b9080 Cid 0d68.01cc Teb: 000007f68f01e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80024ca960 SynchronizationEvent fffffa80033ff260 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15739009 Ticks: 2119 (0:00:00:33.056) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880174aedd0 Current fffff880174ae180 Base fffff880174af000 Limit fffff880174a9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e0ab00 Cid 0d68.08f0 Teb: 000007f68f014000 Win32Thread: fffff90103f38b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa800372b290 SynchronizationEvent fffffa8003ba06d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740203 Ticks: 925 (0:00:00:14.430) Context Switch Count 326 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801597afd0 Current fffff8801597a380 Base fffff8801597b000 Limit fffff88015975000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8004148b00 Cid 0d68.0d84 Teb: 000007f68f012000 Win32Thread: fffff90103f4ab90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80037ad890 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15715274 Ticks: 25854 (0:00:06:43.324) Context Switch Count 63 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880174d6dd0 Current fffff880174d65f0 Base fffff880174d7000 Limit fffff880174d1000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001d5c040 Cid 0d68.0e14 Teb: 000007f68f00e000 Win32Thread: fffff90100754010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002c46d50 NotificationEvent fffffa8001d09470 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 42 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801657add0 Current fffff8801657a180 Base fffff8801657b000 Limit fffff88016575000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001f46b00 Cid 0d68.0890 Teb: 000007f68eff0000 Win32Thread: fffff90104041010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002036fe0 NotificationEvent fffffa80033981c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15736244 Ticks: 4884 (0:00:01:16.190) Context Switch Count 331 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174e4dd0 Current fffff880174e4180 Base fffff880174e5000 Limit fffff880174df000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002ce1b00 Cid 0d68.0394 Teb: 000007f68efe8000 Win32Thread: fffff90103f74750 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003989500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15736244 Ticks: 4884 (0:00:01:16.190) Context Switch Count 80 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mswsock!SockAsyncThread (0x000007fef4645990) Stack Init fffff88017595dd0 Current fffff880175957a0 Base fffff88017596000 Limit fffff88017590000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002ce7080 Cid 0d68.0ff4 Teb: 000007f68efe6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa80041a5fe0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff880175a3dd0 Current fffff880175a3180 Base fffff880175a4000 Limit fffff8801759e000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002cda240 Cid 0d68.0f4c Teb: 000007f68efe4000 Win32Thread: fffff901000ebb90 WAIT: (UserRequest) UserMode Alertable fffffa8001821a30 NotificationEvent fffffa8001c4c060 SynchronizationTimer fffffa8003f8bd90 NotificationEvent fffffa800381b300 NotificationEvent fffffa800209b4e0 SynchronizationEvent fffffa8002da6590 SynchronizationEvent fffffa800213cd30 SynchronizationEvent IRP List: fffffa8001ebc010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001f86c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80038b4c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001cf3430: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001d8ec10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800417fc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001f98af0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002d2f010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80041304d0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001f6fc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003e36010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002067c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80038fd010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002c64010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800379d010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003de0c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002e56430: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 1960 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.046 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880175aadd0 Current fffff880175aa180 Base fffff880175ab000 Limit fffff880175a5000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002cd4240 Cid 0d68.0d5c Teb: 000007f68efe2000 Win32Thread: fffff901000ddb90 WAIT: (UserRequest) UserMode Alertable fffffa8003d84060 SynchronizationEvent fffffa8003efb780 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15734768 Ticks: 6360 (0:00:01:39.216) Context Switch Count 420 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880175f9dd0 Current fffff880175f9180 Base fffff880175fa000 Limit fffff880175f4000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002cb7080 Cid 0d68.030c Teb: 000007f68efe0000 Win32Thread: fffff9010061e6f0 WAIT: (UserRequest) UserMode Alertable fffffa800403fcb0 SynchronizationEvent fffffa8003ff4be0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 62 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801719cdd0 Current fffff8801719c180 Base fffff8801719d000 Limit fffff88017197000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003066b00 Cid 0d68.0e90 Teb: 000007f68efde000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8002036060 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738482 Ticks: 2646 (0:00:00:41.277) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlanapi!NotificationApcThreadProc (0x000007fef03bba00) Stack Init fffff880175bedd0 Current fffff880175be900 Base fffff880175bf000 Limit fffff880175b9000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80020fb880 Cid 0d68.0a40 Teb: 000007f68efda000 Win32Thread: fffff901040b3750 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa8001fd55d0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff880175dbdd0 Current fffff880175db180 Base fffff880175dc000 Limit fffff880175d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e41080 Cid 0d68.09f8 Teb: 000007f68efd8000 Win32Thread: fffff901000e96f0 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001ed83d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88000fdbdd0 Current fffff88000fdb5f0 Base fffff88000fdc000 Limit fffff88000fd6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002744640 Cid 0d68.03c4 Teb: 000007f68efd6000 Win32Thread: fffff90103fc0750 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001d16ce0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 33 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8800099bdd0 Current fffff8800099b5f0 Base fffff8800099c000 Limit fffff88000996000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003600380 Cid 0d68.0280 Teb: 000007f68efd4000 Win32Thread: fffff90103f66b90 WAIT: (UserRequest) UserMode Alertable fffffa80024c64c0 SynchronizationEvent IRP List: fffffa8002eadc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003000010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15728588 Ticks: 12540 (0:00:03:15.625) Context Switch Count 193 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.031 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88014e8bdd0 Current fffff88014e8b0f0 Base fffff88014e8c000 Limit fffff88014e86000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800212ea80 Cid 0d68.0c90 Teb: 000007f68efd2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa8003bb5250 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff88000fd4dd0 Current fffff88000fd4180 Base fffff88000fd5000 Limit fffff88000fcf000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c9bb00 Cid 0d68.0c04 Teb: 000007f68f173000 Win32Thread: fffff90103f78710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800403fd30 SynchronizationEvent fffffa80020b0f60 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712531 Ticks: 28597 (0:00:07:26.116) Context Switch Count 1912 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801550bfd0 Current fffff8801550b380 Base fffff8801550c000 Limit fffff88015506000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800366cb00 Cid 0d68.0de4 Teb: 000007f68efd0000 Win32Thread: fffff90103fb4b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001d33ce0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15737617 Ticks: 3511 (0:00:00:54.771) Context Switch Count 121 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8800306add0 Current fffff8800306a5f0 Base fffff8800306b000 Limit fffff88003065000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001d90080 Cid 0d68.0c44 Teb: 000007f68f175000 Win32Thread: fffff90104013950 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ec2f50 SynchronizationEvent fffffa80041640f0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 6890 IdealProcessor: 0 UserTime 00:00:00.390 KernelTime 00:00:00.702 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88003086fd0 Current fffff88003086380 Base fffff88003087000 Limit fffff88003081000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001d75b00 Cid 0d68.0d44 Teb: 000007f68f01c000 Win32Thread: fffff901006e9b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8004142a10 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 37 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88015eeddd0 Current fffff88015eed5f0 Base fffff88015eee000 Limit fffff88015ee8000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800213c800 Cid 0d68.0f08 Teb: 000007f68f006000 Win32Thread: fffff90103f6ab90 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject IRP List: fffffa80041e8010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15735451 Ticks: 5677 (0:00:01:28.561) Context Switch Count 397 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f8edd0 Current fffff88014f8e760 Base fffff88014f8f000 Limit fffff88014f89000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002e56b00 Cid 0d68.0140 Teb: 000007f68f000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001f4e080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164b6dd0 Current fffff880164b6760 Base fffff880164b7000 Limit fffff880164b1000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002cdf300 Cid 0d68.0854 Teb: 000007f68f03c000 Win32Thread: fffff90103f544e0 READY on processor 1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 443 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88000fe2dd0 Current fffff88000fe2760 Base fffff88000fe3000 Limit fffff88000fdd000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003fdc840 Cid 0d68.0fd8 Teb: 000007f68f04c000 Win32Thread: fffff9010419eb90 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15739713 Ticks: 1415 (0:00:00:22.074) Context Switch Count 387 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170a1dd0 Current fffff880170a1760 Base fffff880170a2000 Limit fffff8801709c000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80020aeb00 Cid 0d68.0804 Teb: 000007f68f032000 Win32Thread: fffff90104195530 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738504 Ticks: 2624 (0:00:00:40.934) Context Switch Count 206 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017102dd0 Current fffff88017102760 Base fffff88017103000 Limit fffff880170fd000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003095240 Cid 0d68.0438 Teb: 000007f68f034000 Win32Thread: fffff901040a05b0 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738591 Ticks: 2537 (0:00:00:39.577) Context Switch Count 171 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173ccdd0 Current fffff880173cc760 Base fffff880173cd000 Limit fffff880173c7000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002692700 Cid 0d68.0dc0 Teb: 000007f68f02e000 Win32Thread: fffff901042fb010 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740848 Ticks: 280 (0:00:00:04.368) Context Switch Count 338 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173dbdd0 Current fffff880173db760 Base fffff880173dc000 Limit fffff880173d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80033cd080 Cid 0d68.09e4 Teb: 000007f68f020000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15735437 Ticks: 5691 (0:00:01:28.780) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017437dd0 Current fffff88017437760 Base fffff88017438000 Limit fffff88017432000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800219b080 Cid 0d68.0a6c Teb: 000007f68f01a000 Win32Thread: fffff90100625b90 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738573 Ticks: 2555 (0:00:00:39.858) Context Switch Count 140 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801743edd0 Current fffff8801743e760 Base fffff8801743f000 Limit fffff88017439000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002161080 Cid 0d68.09fc Teb: 000007f68f17b000 Win32Thread: fffff9010412ab90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002634c10 SynchronizationEvent fffffa8002cf2e90 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15737843 Ticks: 3285 (0:00:00:51.246) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address UxTheme!CManagerImpl::s_ThreadProc (0x000007fef3c98fc0) Stack Init fffff8801751cdd0 Current fffff8801751c180 Base fffff8801751d000 Limit fffff88017517000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001ebe040 Cid 0d68.0edc Teb: 000007f68f044000 Win32Thread: 0000000000000000 WAIT: (UserRequest) KernelMode Alertable fffffa8004001540 SynchronizationEvent fffff88014e4cbe0 NotificationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!RtlpWnfNotificationThread (0x000007fef7f005bc) Stack Init fffff88014e4cdd0 Current fffff88014e4c8a0 Base fffff88014e4d000 Limit fffff88014e47000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8001fe8940 SessionId: 2 Cid: 0bdc Peb: 7f6bc9cc000 ParentCid: 0288 DirBase: 09f57000 ObjectTable: fffff8a002742440 HandleCount: Image: LiveComm.exe VadRoot fffffa8002d8ecd0 Vads 308 Clone 0 Private 1551. Modified 1331. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a0068da8c0 ElapsedTime 00:15:36.587 UserTime 00:00:00.000 KernelTime 00:00:00.015 QuotaPoolUsage[PagedPool] 330592 QuotaPoolUsage[NonPagedPool] 45008 Working Set Sizes (now,min,max) (5237, 50, 345) (20948KB, 200KB, 1380KB) PeakWorkingSetSize 6082 VirtualSize 752 Mb PeakVirtualSize 757 Mb PageFaultCount 11177 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 3185 Job fffffa8001dfa060 Setting context for this process... .process /p /r fffffa8001fe8940 !peb PEB at 000007f6bc9cc000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6bd870000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000001e5b5a1f50 . 0000001e21942790 Ldr.InLoadOrderModuleList: 0000001e5b5a20b0 . 0000001e21942770 Ldr.InMemoryOrderModuleList: 0000001e5b5a20c0 . 0000001e21942780 Base TimeStamp Module 7f6bd870000 500ca1a7 Jul 23 01:58:15 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7feeb2f0000 4ffe2eb5 Jul 12 02:56:05 2012 C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.50712.1_x64__8wekyb3d8bbwe\MSVCR110.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef2e20000 500ca148 Jul 23 01:56:40 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\wllog.dll 7fee99c0000 500ca196 Jul 23 01:57:58 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Service.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef0e80000 50108231 Jul 26 00:33:05 2012 C:\Windows\System32\Windows.Storage.ApplicationData.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\SYSTEM32\twinapi.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7feead60000 505a99fd Sep 20 05:22:21 2012 C:\Windows\System32\WinTypes.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\SYSTEM32\PROPSYS.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef0c60000 500ca1c4 Jul 23 01:58:44 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\shared\bici.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef0c40000 5010884e Jul 26 00:59:10 2012 C:\Windows\System32\threadpoolwinrt.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7feecb30000 501087eb Jul 26 00:57:31 2012 C:\Windows\System32\biwinrt.dll 7fee7140000 500ca186 Jul 23 01:57:42 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.dll 7feeafc0000 501087a4 Jul 26 00:56:20 2012 C:\WINDOWS\System32\wpnapps.dll 7feec370000 5010a4f2 Jul 26 03:01:22 2012 C:\Windows\System32\Windows.ApplicationModel.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 C:\WINDOWS\SYSTEM32\ESENT.dll 7fef3600000 500ca1bc Jul 23 01:58:36 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Shared.Market.dll 7feeeb70000 50107f98 Jul 26 00:22:00 2012 C:\Windows\System32\MrmCoreR.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\SYSTEM32\Bcp47Langs.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\SYSTEM32\profapi.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\Windows\System32\msxml6.dll 7fef16f0000 505a956d Sep 20 05:02:53 2012 C:\Windows\System32\Windows.Networking.Connectivity.dll 7fee7330000 500ca15d Jul 23 01:57:01 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.PresenceIM.dll 7fee7000000 500ca17e Jul 23 01:57:34 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Eas.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\XmlLite.dll 7fee6ec0000 500ca16c Jul 23 01:57:16 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Calendar.dll 7fee5a10000 505a9222 Sep 20 04:48:50 2012 C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll 7fef3670000 501089ed Jul 26 01:06:05 2012 C:\WINDOWS\SYSTEM32\SystemEventsBrokerClient.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\SYSTEM32\FirewallAPI.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\SYSTEM32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\SYSTEM32\SSPICLI.DLL 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\userenv.dll 7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll 7fee5a80000 501083e8 Jul 26 00:40:24 2012 C:\Windows\System32\Windows.Globalization.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\SYSTEM32\DNSAPI.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\SYSTEM32\WINNSI.DLL 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7feec390000 50107f23 Jul 26 00:20:03 2012 C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\SYSTEM32\winhttp.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\SYSTEM32\ncrypt.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\SYSTEM32\bcrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\SYSTEM32\NTASN1.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7feeab50000 50108a14 Jul 26 01:06:44 2012 C:\Windows\System32\cryptnet.dll 7fef7d00000 50108a30 Jul 26 01:07:12 2012 C:\WINDOWS\system32\WLDAP32.dll 7fef0290000 501089fb Jul 26 01:06:19 2012 C:\Windows\System32\CryptoWinRT.dll 7feeb100000 50109dd1 Jul 26 02:30:57 2012 C:\Windows\System32\easwrt.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\SYSTEM32\SAMLIB.dll 7feeda50000 50108952 Jul 26 01:03:30 2012 C:\WINDOWS\SYSTEM32\winbio.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\SYSTEM32\samcli.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\SYSTEM32\netutils.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 C:\WINDOWS\SYSTEM32\AUTHZ.dll 7fee9dc0000 501084bb Jul 26 00:43:55 2012 C:\Windows\System32\Windows.UI.dll 7fee9130000 50108501 Jul 26 00:45:05 2012 C:\WINDOWS\SYSTEM32\NInput.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\system32\windowscodecs.dll SubSystemData: 000007fee8ad43f0 ProcessHeap: 0000001e5b5a0000 ProcessParameters: 0000001e5b5a1360 CurrentDirectory: 'C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\' WindowTitle: '"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe"' ImageFile: 'C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe' CommandLine: '"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server' DllPath: 'C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe;C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.50712.1_x64__8wekyb3d8bbwe;C:\Program Files\WindowsApps\Microsoft.WinJS.1.0_1.0.8514.0_neutral__8wekyb3d8bbwe' Environment: 0000001e5b5a0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp TMP=C:\Users\Dmitry\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8002492800 Cid 0bdc.0be8 Teb: 000007f6bc9ce000 Win32Thread: fffff90103f742d0 WAIT: (WrAlertByThreadId) UserMode Non-Alertable 000007fee8ad5c10 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735435 Ticks: 5693 (0:00:01:28.811) Context Switch Count 133 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 *** ERROR: Module load completed but symbols could not be loaded for LiveComm.exe Win32 Start Address LiveComm (0x000007f6bd873b24) Stack Init fffff88017499dd0 Current fffff88017499970 Base fffff8801749a000 Limit fffff88017494000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. THREAD fffffa8001efeb00 Cid 0bdc.07b8 Teb: 000007f6bc9ca000 Win32Thread: fffff90103f66710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003db2740 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736425 Ticks: 4703 (0:00:01:13.367) Context Switch Count 260 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015833dd0 Current fffff88015833900 Base fffff88015834000 Limit fffff8801582e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8001c8cb00 Cid 0bdc.0450 Teb: 000007f6bc9c8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e796d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735435 Ticks: 5693 (0:00:01:28.811) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpLogger (0x000007fef7f46168) Stack Init fffff8801583add0 Current fffff8801583a900 Base fffff8801583b000 Limit fffff88015835000 Call 0 Priority 10 BasePriority 10 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. THREAD fffffa8001c7f080 Cid 0bdc.0e84 Teb: 000007f6bc9c4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e888f0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740524 Ticks: 604 (0:00:00:09.422) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88015841dd0 Current fffff880158410f0 Base fffff88015842000 Limit fffff8801583c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8002d2a200 Cid 0bdc.0e3c Teb: 000007f6bc89e000 Win32Thread: fffff90100600b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c176c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736493 Ticks: 4635 (0:00:01:12.306) Context Switch Count 1391 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e06dd0 Current fffff88014e06900 Base fffff88014e07000 Limit fffff88014e01000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa800260d080 Cid 0bdc.05d4 Teb: 000007f6bc89c000 Win32Thread: fffff90103f54b90 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740403 Ticks: 725 (0:00:00:11.310) Context Switch Count 470 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801584fdd0 Current fffff8801584f760 Base fffff88015850000 Limit fffff8801584a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80031f2b00 Cid 0bdc.003c Teb: 000007f6bc89a000 Win32Thread: fffff901000ef570 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject IRP List: fffffa8003ed5010: (0006,03e8) Flags: 00020000 Mdl: 00000000 fffffa8003f18c10: (0006,03e8) Flags: 00020000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736400 Ticks: 4728 (0:00:01:13.757) Context Switch Count 546 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015848dd0 Current fffff88015848760 Base fffff88015849000 Limit fffff88015843000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80040e8b00 Cid 0bdc.01c0 Teb: 000007f6bc896000 Win32Thread: fffff90103f72b90 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736400 Ticks: 4728 (0:00:01:13.757) Context Switch Count 139 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017579dd0 Current fffff88017579760 Base fffff8801757a000 Limit fffff88017574000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80020c5b00 Cid 0bdc.0168 Teb: 000007f6bc894000 Win32Thread: fffff90103f6cb90 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 784 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801585ddd0 Current fffff8801585d760 Base fffff8801585e000 Limit fffff88015858000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8002054400 Cid 0bdc.0870 Teb: 000007f6bc890000 Win32Thread: fffff90103fe5b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f4e4d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736195 Ticks: 4933 (0:00:01:16.955) Context Switch Count 234 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015872dd0 Current fffff88015872900 Base fffff88015873000 Limit fffff8801586d000 Call 0 Priority 12 BasePriority 8 UnusualBoost 3 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80039d1b00 Cid 0bdc.0cc8 Teb: 000007f6bc88c000 Win32Thread: fffff90100624b90 WAIT: (WrQueue) UserMode Alertable fffffa8003bdc500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736965 Ticks: 4163 (0:00:01:04.943) Context Switch Count 592 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015879dd0 Current fffff88015879760 Base fffff8801587a000 Limit fffff88015874000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8001ec1080 Cid 0bdc.0a10 Teb: 000007f6bc88a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003768f60 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735435 Ticks: 5693 (0:00:01:28.811) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880154a2dd0 Current fffff880154a2900 Base fffff880154a3000 Limit fffff8801549d000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. THREAD fffffa8001c49080 Cid 0bdc.0e18 Teb: 000007f6bc888000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80027fb080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736491 Ticks: 4637 (0:00:01:12.337) Context Switch Count 44 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880154b7dd0 Current fffff880154b77a0 Base fffff880154b8000 Limit fffff880154b2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8001d4f4c0 Cid 0bdc.0e34 Teb: 000007f6bc884000 Win32Thread: fffff90103fba290 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001eef290 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736136 Ticks: 4992 (0:00:01:17.875) Context Switch Count 555 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015902dd0 Current fffff88015902900 Base fffff88015903000 Limit fffff880158fd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8001e41080 Cid 0bdc.0b68 Teb: 000007f6bc882000 Win32Thread: fffff90100703010 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736915 Ticks: 4213 (0:00:01:05.723) Context Switch Count 196 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015909dd0 Current fffff88015909760 Base fffff8801590a000 Limit fffff88015904000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80040a8600 Cid 0bdc.0988 Teb: 000007f6bc880000 Win32Thread: fffff90100701010 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736367 Ticks: 4761 (0:00:01:14.272) Context Switch Count 69 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155a4dd0 Current fffff880155a4760 Base fffff880155a5000 Limit fffff8801559f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8001e5a780 Cid 0bdc.08b8 Teb: 000007f6bc87e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80021944e0 NotificationEvent IRP List: fffffa80020a1330: (0006,01f0) Flags: 00020070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736915 Ticks: 4213 (0:00:01:05.723) Context Switch Count 109 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff88014faadd0 Current fffff88014faa900 Base fffff88014fab000 Limit fffff88014fa5000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8003648480 Cid 0bdc.0cbc Teb: 000007f6bc87c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002ef0700 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740662 Ticks: 466 (0:00:00:07.269) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880171b6dd0 Current fffff880171b6760 Base fffff880171b7000 Limit fffff880171b1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8003041300 Cid 0bdc.0914 Teb: 000007f6bc878000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa800367b740 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736876 Ticks: 4252 (0:00:01:06.331) Context Switch Count 13 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mswsock!SockAsyncThread (0x000007fef4645990) Stack Init fffff88017022dd0 Current fffff880170227a0 Base fffff88017023000 Limit fffff8801701d000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80033b1940 Cid 0bdc.0cfc Teb: 000007f6bc87a000 Win32Thread: 0000000000000000 WAIT: (Executive) UserMode Non-Alertable fffffa8003bbe118 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735637 Ticks: 5491 (0:00:01:25.660) Context Switch Count 23 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff88015964dd0 Current fffff880159647e0 Base fffff88015965000 Limit fffff8801595f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. THREAD fffffa800418bb00 Cid 0bdc.0da4 Teb: 000007f6bc886000 Win32Thread: fffff90103f06640 WAIT: (UserRequest) UserMode Alertable fffffa8003065290 SynchronizationEvent IRP List: fffffa8002195c10: (0006,03e8) Flags: 00020870 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740256 Ticks: 872 (0:00:00:13.603) Context Switch Count 51 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address SHELL32!Windows::Internal::ComTaskPool::CThread::s_ThreadProc (0x000007fef66df4a0) Stack Init fffff8801731fdd0 Current fffff8801731f0f0 Base fffff88017320000 Limit fffff8801731a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8003894b00 Cid 0bdc.0e40 Teb: 000007f6bc872000 Win32Thread: fffff90104252b90 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736965 Ticks: 4163 (0:00:01:04.943) Context Switch Count 67 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801759cdd0 Current fffff8801759c760 Base fffff8801759d000 Limit fffff88017597000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80020ca080 Cid 0bdc.0b98 Teb: 000007f6bc86e000 Win32Thread: fffff9010434ab90 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736965 Ticks: 4163 (0:00:01:04.943) Context Switch Count 42 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003063dd0 Current fffff88003063760 Base fffff88003064000 Limit fffff8800305e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa800306a440 Cid 0bdc.0b30 Teb: 000007f6bc866000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736997 Ticks: 4131 (0:00:01:04.444) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003dfbdd0 Current fffff88003dfb760 Base fffff88003dfc000 Limit fffff88003df6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 PROCESS fffffa8002d5d940 SessionId: 2 Cid: 0dd0 Peb: 7f6525bf000 ParentCid: 0d68 DirBase: 66377000 ObjectTable: fffff8a0068d5600 HandleCount: Image: browserchoice.exe VadRoot fffffa8003b45140 Vads 74 Clone 0 Private 301. Modified 1. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a002f828c0 ElapsedTime 00:15:21.299 UserTime 00:00:00.015 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 199688 QuotaPoolUsage[NonPagedPool] 9408 Working Set Sizes (now,min,max) (2142, 50, 345) (8568KB, 200KB, 1380KB) PeakWorkingSetSize 2189 VirtualSize 96 Mb PeakVirtualSize 99 Mb PageFaultCount 2368 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 495 Setting context for this process... .process /p /r fffffa8002d5d940 !peb PEB at 000007f6525bf000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f652920000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000002fd1e41a90 . 0000002fd1e900a0 Ldr.InLoadOrderModuleList: 0000002fd1e41bf0 . 0000002fd1e90080 Ldr.InMemoryOrderModuleList: 0000002fd1e41c00 . 0000002fd1e90090 Base TimeStamp Module 7f652920000 502afc3f Aug 15 02:32:47 2012 C:\Windows\BrowserChoice\browserchoice.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\SYSTEM32\twinapi.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feead60000 505a99fd Sep 20 05:22:21 2012 C:\Windows\System32\WinTypes.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fee5e30000 505aa9a3 Sep 20 06:29:07 2012 C:\Windows\System32\twinui.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\Windows\System32\XmlLite.dll 7fef2420000 505a924c Sep 20 04:49:32 2012 C:\Windows\System32\Windows.UI.Immersive.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\Windows\System32\DUI70.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\Windows\System32\dwmapi.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\Windows\System32\OLEACC.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\propsys.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\SYSTEM32\Bcp47Langs.dll SubSystemData: 0000000000000000 ProcessHeap: 0000002fd1e40000 ProcessParameters: 0000002fd1e41210 CurrentDirectory: 'C:\WINDOWS\System32\' WindowTitle: 'C:\Windows\BrowserChoice\browserchoice.exe' ImageFile: 'C:\Windows\BrowserChoice\browserchoice.exe' CommandLine: '"C:\Windows\BrowserChoice\browserchoice.exe" /run' DllPath: '< Name not readable >' Environment: 0000002fd1e40860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa800414e080 Cid 0dd0.0ffc Teb: 000007f6525bd000 Win32Thread: fffff90103e94530 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b43b00 NotificationEvent fffffa800200e080 ProcessObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002d5d940 Image: browserchoice.exe Attached Process N/A Image: N/A Wait Start TickCount 15682371 Ticks: 58757 (0:00:15:16.615) Context Switch Count 173 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address browserchoice!WinMainCRTStartup (0x000007f652923adc) Stack Init fffff880172d6dd0 Current fffff880172d6180 Base fffff880172d7000 Limit fffff880172d1000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001f76080 Cid 0dd0.07b4 Teb: 000007f6525b5000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d6e380 SynchronizationEvent fffffa8003e455b0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002d5d940 Image: browserchoice.exe Attached Process N/A Image: N/A Wait Start TickCount 15740007 Ticks: 1121 (0:00:00:17.487) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88015910dd0 Current fffff88015910180 Base fffff88015911000 Limit fffff8801590b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800418c9c0 Cid 0dd0.062c Teb: 000007f6525bb000 Win32Thread: fffff90103fbab90 WAIT: (WrQueue) UserMode Alertable fffffa8003075a80 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002d5d940 Image: browserchoice.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160c3dd0 Current fffff880160c3760 Base fffff880160c4000 Limit fffff880160be000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa800200e080 SessionId: 2 Cid: 0478 Peb: 7f6893cf000 ParentCid: 0288 DirBase: 66cf7000 ObjectTable: fffff8a0029307c0 HandleCount: Image: WWAHost.exe VadRoot fffffa8003dcfe60 Vads 239 Clone 0 Private 3988. Modified 23634. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a00213b060 ElapsedTime 00:15:19.037 UserTime 00:00:00.218 KernelTime 00:00:00.031 QuotaPoolUsage[PagedPool] 414888 QuotaPoolUsage[NonPagedPool] 33936 Working Set Sizes (now,min,max) (11114, 50, 345) (44456KB, 200KB, 1380KB) PeakWorkingSetSize 14528 VirtualSize 230 Mb PeakVirtualSize 254 Mb PageFaultCount 42939 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 5574 Job fffffa80039a1060 Setting context for this process... .process /p /r fffffa800200e080 !peb PEB at 000007f6893cf000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6894b0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000006848391af0 . 000000684cf74680 Ldr.InLoadOrderModuleList: 0000006848391c50 . 000000684cf74660 Ldr.InMemoryOrderModuleList: 0000006848391c60 . 000000684cf74670 Base TimeStamp Module 7f6894b0000 505a9152 Sep 20 04:45:22 2012 C:\WINDOWS\System32\WWAHost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7feead60000 505a99fd Sep 20 05:22:21 2012 C:\WINDOWS\SYSTEM32\wintypes.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\System32\Bcp47Langs.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fee34e0000 505aa515 Sep 20 06:09:41 2012 C:\WINDOWS\System32\MSHTML.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\System32\TWINAPI.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\System32\profapi.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\System32\dwmapi.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef3160000 4ffa5788 Jul 09 05:01:12 2012 C:\WINDOWS\System32\RoMetadata.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\System32\UxTheme.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\WINDOWS\System32\DUI70.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7feeeb70000 50107f98 Jul 26 00:22:00 2012 C:\WINDOWS\SYSTEM32\mrmcorer.dll 7fee7e50000 505a9a61 Sep 20 05:24:01 2012 C:\WINDOWS\System32\d2d1.dll 7feea260000 50108a84 Jul 26 01:08:36 2012 C:\WINDOWS\System32\DWrite.dll 7fef2380000 505a9aaa Sep 20 05:25:14 2012 C:\WINDOWS\System32\dxgi.dll 7fef1fb0000 505a98f1 Sep 20 05:17:53 2012 C:\WINDOWS\System32\d3d11.dll 7fee9f00000 4f6bfb79 Mar 23 04:26:33 2012 C:\WINDOWS\System32\igd10umd64.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\System32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fee9dc0000 501084bb Jul 26 00:43:55 2012 C:\WINDOWS\System32\windows.ui.dll 7fee9130000 50108501 Jul 26 00:45:05 2012 C:\WINDOWS\System32\NInput.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\System32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\SSPICLI.DLL 7fef3650000 5010880a Jul 26 00:58:02 2012 C:\WINDOWS\system32\msimtf.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef29d0000 501089dc Jul 26 01:05:48 2012 C:\WINDOWS\SYSTEM32\dcomp.dll 7fef3130000 50109e64 Jul 26 02:33:24 2012 C:\Windows\System32\WwaApi.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\shell32.dll 7fee69c0000 505a9b06 Sep 20 05:26:46 2012 C:\Windows\System32\jscript9.dll 7fef0e80000 50108231 Jul 26 00:33:05 2012 C:\Windows\System32\Windows.Storage.ApplicationData.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\System32\bcrypt.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\WINDOWS\System32\OLEACC.DLL 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll 7fef16f0000 505a956d Sep 20 05:02:53 2012 C:\Windows\System32\Windows.Networking.Connectivity.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\System32\winhttp.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\System32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\System32\WINNSI.DLL 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\System32\DNSAPI.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\userenv.dll 7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\system32\windowscodecs.dll 7feeb860000 5010982f Jul 26 02:06:55 2012 C:\WINDOWS\system32\PhotoMetadataHandler.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\System32\PROPSYS.dll 7fef02c0000 5010877e Jul 26 00:55:42 2012 C:\WINDOWS\system32\windowscodecsext.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7feed870000 501087a9 Jul 26 00:56:25 2012 C:\WINDOWS\system32\mlang.dll 7fef1b10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\System32\UIAnimation.dll 7fee4770000 505a980d Sep 20 05:14:05 2012 C:\WINDOWS\System32\IEFRAME.dll 7fef2a80000 5010846e Jul 26 00:42:38 2012 C:\WINDOWS\System32\DUser.dll 7fef14a0000 505a9a60 Sep 20 05:24:00 2012 C:\WINDOWS\System32\D3D10Warp.dll SubSystemData: 000007fee8ad43f0 ProcessHeap: 0000006848390000 ProcessParameters: 00000068483912d0 CurrentDirectory: 'C:\WINDOWS\BrowserChoice\' WindowTitle: '"C:\WINDOWS\System32\WWAHost.exe"' ImageFile: 'C:\WINDOWS\System32\WWAHost.exe' CommandLine: '"C:\WINDOWS\System32\WWAHost.exe" -ServerName:Windows.BrowserChoice' DllPath: 'C:\WINDOWS\BrowserChoice' Environment: 0000006848390860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local\Packages\browserchoice_cw5n1h2txyewy\AC LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Packages\browserchoice_cw5n1h2txyewy\AC\Temp TMP=C:\Users\Dmitry\AppData\Local\Packages\browserchoice_cw5n1h2txyewy\AC\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa800362d500 Cid 0478.0254 Teb: 000007f6893cd000 Win32Thread: fffff90103f68b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa800415e640 NotificationEvent fffffa8001fa17c0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741023 Ticks: 105 (0:00:00:01.638) Context Switch Count 88 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address WWAHost!mainCRTStartup (0x000007f6894bb320) Stack Init fffff88017303dd0 Current fffff88017303180 Base fffff88017304000 Limit fffff880172fe000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001f80b00 Cid 0478.03d4 Teb: 000007f6893c9000 Win32Thread: fffff90103fb6410 WAIT: (WrQueue) UserMode Alertable fffffa8003fc03c0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 68 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880151f7dd0 Current fffff880151f7760 Base fffff880151f8000 Limit fffff880151f2000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80036f5080 Cid 0478.0a14 Teb: 000007f6893c5000 Win32Thread: fffff90103fb8410 WAIT: (UserRequest) UserMode Alertable fffffa80027f9060 SynchronizationEvent fffffa80021a8940 NotificationEvent fffffa80041a7be0 SynchronizationTimer fffffa8001d2d380 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 16400 IdealProcessor: 0 UserTime 00:00:02.464 KernelTime 00:00:00.904 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88003c52dd0 Current fffff88003c52180 Base fffff88003c53000 Limit fffff88003c4d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80032b3080 Cid 0478.0440 Teb: 000007f68929c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037ec920 NotificationEvent fffffa8001f990f0 NotificationEvent fffffa800219d550 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682350 Ticks: 58778 (0:00:15:16.942) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mrmcorer!Windows::ApplicationModel::Resources::Core::LanguageChangeNotifiyThreadProc (0x000007feeeb8dcfc) Stack Init fffff88015f17dd0 Current fffff88015f17180 Base fffff88015f18000 Limit fffff88015f12000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002e66500 Cid 0478.0250 Teb: 000007f689298000 Win32Thread: fffff90103fb6b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80040e0600 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682350 Ticks: 58778 (0:00:15:16.942) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address MSHTML!CIndependentHitTestManager::s_IndependentHitTestThreadProc (0x000007fee3987d10) Stack Init fffff88017133dd0 Current fffff880171335f0 Base fffff88017134000 Limit fffff8801712e000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bd9080 Cid 0478.04d4 Teb: 000007f689296000 Win32Thread: fffff90103fba710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800269f430 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15702012 Ticks: 39116 (0:00:10:10.213) Context Switch Count 1108 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address MSHTML!CExecFT::StaticThreadProc (0x000007fee397b0c0) Stack Init fffff880161b1dd0 Current fffff880161b1900 Base fffff880161b2000 Limit fffff880161ac000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001e1c600 Cid 0478.0f34 Teb: 000007f689294000 Win32Thread: fffff90103fb8b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e131a0 SynchronizationEvent fffffa8003b489d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15701923 Ticks: 39205 (0:00:10:11.601) Context Switch Count 2681 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.062 Win32 Start Address MSHTML!CVSyncProvider::RunThread (0x000007fee399ae74) Stack Init fffff88017445dd0 Current fffff88017445180 Base fffff88017446000 Limit fffff88017440000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8004016080 Cid 0478.0c0c Teb: 000007f689292000 Win32Thread: fffff90103fa1410 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001f06e00 SynchronizationEvent fffffa80018a3900 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15721169 Ticks: 19959 (0:00:05:11.362) Context Switch Count 78 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address MSHTML!CExecFT::StaticThreadProc (0x000007fee397b0c0) Stack Init fffff88017587dd0 Current fffff88017587180 Base fffff88017588000 Limit fffff88017582000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001d83700 Cid 0478.013c Teb: 000007f689290000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040b8620 SynchronizationEvent fffffa80041735c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682797 Ticks: 58331 (0:00:15:09.969) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015933dd0 Current fffff88015933180 Base fffff88015934000 Limit fffff8801592e000 Call 0 Priority 10 BasePriority 7 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e56880 Cid 0478.0130 Teb: 000007f68928e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800384cca0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682789 Ticks: 58339 (0:00:15:10.094) Context Switch Count 29 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8800302edd0 Current fffff8800302e900 Base fffff8800302f000 Limit fffff88003029000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002cd7b00 Cid 0478.0bf8 Teb: 000007f68928c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800398f290 SynchronizationEvent fffffa8003daf2f0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740250 Ticks: 878 (0:00:00:13.696) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88002fb2dd0 Current fffff88002fb2180 Base fffff88002fb3000 Limit fffff88002fad000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001d9a280 Cid 0478.0c74 Teb: 000007f689286000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80027725f0 NotificationEvent IRP List: fffffa8002c9c670: (0006,01f0) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736465 Ticks: 4663 (0:00:01:12.743) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff8801728fdd0 Current fffff8801728f900 Base fffff88017290000 Limit fffff8801728a000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80030692c0 Cid 0478.0ea8 Teb: 000007f689282000 Win32Thread: fffff90103f78b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003da4c80 SynchronizationEvent fffffa8003da24e0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15721169 Ticks: 19959 (0:00:05:11.362) Context Switch Count 34 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address MSHTML!CExecFT::StaticThreadProc (0x000007fee397b0c0) Stack Init fffff88015895dd0 Current fffff88015895180 Base fffff88015896000 Limit fffff88015890000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001ed3080 Cid 0478.081c Teb: 000007f68929e000 Win32Thread: fffff9010065c780 WAIT: (UserRequest) UserMode Non-Alertable fffffa800204c830 SynchronizationEvent fffffa800263b770 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15685914 Ticks: 55214 (0:00:14:21.343) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8801715ddd0 Current fffff8801715d180 Base fffff8801715e000 Limit fffff88017158000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038e8080 Cid 0478.0a08 Teb: 000007f68928a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001eef1c0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15685914 Ticks: 55214 (0:00:14:21.343) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174bcdd0 Current fffff880174bc760 Base fffff880174bd000 Limit fffff880174b7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002179080 Cid 0478.0180 Teb: 000007f6893cb000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003fc03c0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017164dd0 Current fffff88017164760 Base fffff88017165000 Limit fffff8801715f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002cc2940 SessionId: 2 Cid: 03e4 Peb: 7f75e65c000 ParentCid: 0288 DirBase: 53f43000 ObjectTable: fffff8a006b98400 HandleCount: Image: RuntimeBroker.exe VadRoot fffffa80036e7a20 Vads 134 Clone 0 Private 643. Modified 34. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a00316a670 ElapsedTime 00:15:16.744 UserTime 00:00:00.093 KernelTime 00:00:00.078 QuotaPoolUsage[PagedPool] 255848 QuotaPoolUsage[NonPagedPool] 17136 Working Set Sizes (now,min,max) (4049, 50, 345) (16196KB, 200KB, 1380KB) PeakWorkingSetSize 4202 VirtualSize 121 Mb PeakVirtualSize 140 Mb PageFaultCount 5826 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 985 Setting context for this process... .process /p /r fffffa8002cc2940 !peb PEB at 000007f75e65c000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f75ed50000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000bd3a531a20 . 000000bd3c2f8a20 Ldr.InLoadOrderModuleList: 000000bd3a531b80 . 000000bd3c2f8a00 Ldr.InMemoryOrderModuleList: 000000bd3a531b90 . 000000bd3c2f8a10 Base TimeStamp Module 7f75ed50000 5010884f Jul 26 00:59:11 2012 C:\Windows\System32\RuntimeBroker.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\Windows\System32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\Windows\System32\bcryptPrimitives.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\Windows\System32\ole32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\Windows\System32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feec390000 50107f23 Jul 26 00:20:03 2012 C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\Windows\System32\DPAPI.dll 7fef16f0000 505a956d Sep 20 05:02:53 2012 C:\Windows\System32\Windows.Networking.Connectivity.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\Windows\System32\IPHLPAPI.DLL 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\Windows\System32\WINNSI.DLL 7fef03b0000 5063dc6b Sep 27 05:56:11 2012 C:\Windows\System32\wlanapi.dll 7feeafc0000 501087a4 Jul 26 00:56:20 2012 C:\Windows\System32\wpnapps.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\UxTheme.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\Windows\System32\apphelp.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\propsys.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\Windows\System32\Bcp47Langs.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\Windows\System32\urlmon.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\Windows\System32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\Windows\System32\SSPICLI.DLL 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\Windows\System32\profapi.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\Windows\System32\winhttp.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\Windows\System32\DNSAPI.dll 7feeaf40000 50108f3e Jul 26 01:28:46 2012 C:\Windows\System32\AuthBroker.dll 7fee5e30000 505aa9a3 Sep 20 06:29:07 2012 C:\WINDOWS\system32\twinui.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\system32\TWINAPI.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7fef2420000 505a924c Sep 20 04:49:32 2012 C:\WINDOWS\system32\Windows.UI.Immersive.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\WINDOWS\system32\DUI70.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\system32\dwmapi.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\WINDOWS\system32\OLEACC.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7feefc50000 5010a84b Jul 26 03:15:39 2012 C:\Windows\System32\LINKINFO.dll 7fef2b40000 50108183 Jul 26 00:30:11 2012 C:\Windows\System32\ntshrui.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\Windows\System32\srvcli.dll 7feec150000 501089ad Jul 26 01:05:01 2012 C:\Windows\System32\cscapi.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\Windows\System32\WINSTA.dll 7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\Windows\System32\slc.dll 7feef950000 501089d7 Jul 26 01:05:43 2012 C:\Windows\System32\wcmapi.dll SubSystemData: 0000000000000000 ProcessHeap: 000000bd3a530000 ProcessParameters: 000000bd3a5311e0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\Windows\System32\RuntimeBroker.exe' ImageFile: 'C:\Windows\System32\RuntimeBroker.exe' CommandLine: 'C:\Windows\System32\RuntimeBroker.exe -Embedding' DllPath: '< Name not readable >' Environment: 000000bd3a530860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8001d15900 Cid 03e4.0188 Teb: 000007f75e65e000 Win32Thread: fffff90103fa1b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003036fe0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15740064 Ticks: 1064 (0:00:00:16.598) Context Switch Count 45 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address RuntimeBroker!wWinMainCRTStartup (0x000007f75ed537d0) Stack Init fffff880159fcdd0 Current fffff880159fc900 Base fffff880159fd000 Limit fffff880159f7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80033e2980 Cid 03e4.0e78 Teb: 000007f75e52a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003954900 SynchronizationEvent fffffa8001c9b060 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15740436 Ticks: 692 (0:00:00:10.795) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88003008dd0 Current fffff88003008180 Base fffff88003009000 Limit fffff88003003000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003fb0080 Cid 03e4.0880 Teb: 000007f75e528000 Win32Thread: fffff90100648b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80027a8940 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15740565 Ticks: 563 (0:00:00:08.782) Context Switch Count 161 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff8800300fdd0 Current fffff8800300f5f0 Base fffff88003010000 Limit fffff8800300a000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003f63080 Cid 03e4.0d74 Teb: 000007f75e658000 Win32Thread: fffff9010434a010 WAIT: (WrQueue) UserMode Alertable fffffa80021b8380 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 265 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017572dd0 Current fffff88017572760 Base fffff88017573000 Limit fffff8801756d000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e07080 Cid 03e4.0ac0 Teb: 000007f75e654000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036f84a0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15739847 Ticks: 1281 (0:00:00:19.983) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017347dd0 Current fffff880173470f0 Base fffff88017348000 Limit fffff88017342000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018af080 Cid 03e4.09f0 Teb: 000007f75e52e000 Win32Thread: fffff9010419a010 WAIT: (WrQueue) UserMode Alertable fffffa80021b8380 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15739847 Ticks: 1281 (0:00:00:19.983) Context Switch Count 226 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880175ccdd0 Current fffff880175cc760 Base fffff880175cd000 Limit fffff880175c7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003faf580 Cid 03e4.073c Teb: 000007f75e52c000 Win32Thread: fffff90104118010 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003b97990 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15736411 Ticks: 4717 (0:00:01:13.585) Context Switch Count 92 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.031 Win32 Start Address SHELL32!Windows::Internal::ComTaskPool::CThread::s_ThreadProc (0x000007fef66df4a0) Stack Init fffff88015e53dd0 Current fffff88015e535f0 Base fffff88015e54000 Limit fffff88015e4e000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002cb2940 SessionId: 2 Cid: 0c80 Peb: 7f6c41dd000 ParentCid: 0288 DeepFreeze DirBase: 2ef45000 ObjectTable: fffff8a002f215c0 HandleCount: Image: iexplore.exe VadRoot fffffa8001db41a0 Vads 277 Clone 0 Private 2247. Modified 3165. Locked 176. DeviceMap fffff8a000290b20 Token fffff8a0006b38c0 ElapsedTime 00:15:05.509 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 428480 QuotaPoolUsage[NonPagedPool] 39952 Working Set Sizes (now,min,max) (39219, 50, 345) (156876KB, 200KB, 1380KB) PeakWorkingSetSize 41317 VirtualSize 210 Mb PeakVirtualSize 219 Mb PageFaultCount 47799 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2314 Job fffffa80033d9060 Setting context for this process... .process /p /r fffffa8002cb2940 !peb PEB at 000007f6c41dd000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6c49b0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000218c3e1a90 . 0000002191b16690 Ldr.InLoadOrderModuleList: 000000218c3e1bf0 . 0000002191b16670 Ldr.InMemoryOrderModuleList: 000000218c3e1c00 . 0000002191b16680 Base TimeStamp Module 7f6c49b0000 50107ebe Jul 26 00:18:22 2012 C:\Program Files\Internet Explorer\iexplore.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fee4770000 505a980d Sep 20 05:14:05 2012 C:\WINDOWS\SYSTEM32\IEFRAME.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll 7fee6960000 505a93ca Sep 20 04:55:54 2012 C:\Program Files\Internet Explorer\IEShims.dll 7fef7a20000 50108ed8 Jul 26 01:27:04 2012 C:\WINDOWS\system32\comdlg32.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\SYSTEM32\twinapi.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\dwmapi.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\SYSTEM32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\SYSTEM32\SSPICLI.DLL 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\SYSTEM32\profapi.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\SYSTEM32\winhttp.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\SYSTEM32\WINNSI.DLL 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fee6e10000 50107f0a Jul 26 00:19:38 2012 C:\Program Files\Internet Explorer\ieproxy.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\SYSTEM32\DNSAPI.dll 7feead60000 505a99fd Sep 20 05:22:21 2012 C:\Windows\System32\WinTypes.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef2420000 505a924c Sep 20 04:49:32 2012 C:\Windows\System32\Windows.UI.Immersive.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\Windows\System32\DUI70.dll 7fee9dc0000 501084bb Jul 26 00:43:55 2012 C:\WINDOWS\SYSTEM32\windows.ui.dll 7fee9130000 50108501 Jul 26 00:45:05 2012 C:\WINDOWS\SYSTEM32\NInput.dll 7fee68d0000 50109f6a Jul 26 02:37:46 2012 C:\WINDOWS\SYSTEM32\IEUI.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\SYSTEM32\PROPSYS.dll 7feefc60000 505a94c2 Sep 20 05:00:02 2012 C:\WINDOWS\system32\mssprxy.dll 7fee6830000 505a964f Sep 20 05:06:39 2012 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\SYSTEM32\Bcp47Langs.dll 7fef2380000 505a9aaa Sep 20 05:25:14 2012 C:\WINDOWS\SYSTEM32\dxgi.dll 7fef1fb0000 505a98f1 Sep 20 05:17:53 2012 C:\WINDOWS\SYSTEM32\d3d11.dll 7fef14a0000 505a9a60 Sep 20 05:24:00 2012 C:\WINDOWS\SYSTEM32\d3d10warp.dll 7fef29d0000 501089dc Jul 26 01:05:48 2012 C:\WINDOWS\SYSTEM32\dcomp.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\Windows\System32\oleacc.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\xmllite.dll 7feea260000 50108a84 Jul 26 01:08:36 2012 C:\WINDOWS\system32\dwrite.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\SYSTEM32\WindowsCodecs.dll 7fef1b10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\System32\UIAnimation.dll 7fee5b70000 5010891b Jul 26 01:02:35 2012 C:\WINDOWS\SYSTEM32\Msftedit.dll 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll 7feed870000 501087a9 Jul 26 00:56:25 2012 C:\WINDOWS\SYSTEM32\MLANG.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\userenv.dll 7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\SYSTEM32\DPAPI.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\SYSTEM32\ncrypt.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\SYSTEM32\bcrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\SYSTEM32\NTASN1.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7feeab50000 50108a14 Jul 26 01:06:44 2012 C:\Windows\System32\cryptnet.dll 7fef7d00000 50108a30 Jul 26 01:07:12 2012 C:\WINDOWS\system32\WLDAP32.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\WINDOWS\SYSTEM32\slc.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll SubSystemData: 000007fee8ad43f0 ProcessHeap: 000000218c3e0000 ProcessParameters: 000000218c3e11e0 CurrentDirectory: 'C:\Users\Dmitry\Desktop\' WindowTitle: '"C:\Program Files\Internet Explorer\iexplore.exe"' ImageFile: 'C:\Program Files\Internet Explorer\iexplore.exe' CommandLine: '"C:\Program Files\Internet Explorer\iexplore.exe" -ServerName:DefaultBrowserServer' DllPath: '< Name not readable >' Environment: 000000218c3e0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8001e4eb00 Cid 0c80.0514 Teb: 000007f6c41de000 Win32Thread: fffff901000e5b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e4ede0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 7283 IdealProcessor: 0 UserTime 00:00:00.202 KernelTime 00:00:00.296 Win32 Start Address iexplore!wWinMainCRTStartup (0x000007f6c49b1b00) Stack Init fffff880155f8dd0 Current fffff880155f8740 Base fffff880155f9000 Limit fffff880155f3000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800219c080 Cid 0c80.0d88 Teb: 000007f6c41db000 Win32Thread: fffff90103f206e0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800219c360 NotificationEvent Waiting for reply to ALPC Message fffff8a0018c8030 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 6167 IdealProcessor: 0 UserTime 00:00:00.156 KernelTime 00:00:00.109 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801548ddd0 Current fffff8801548d430 Base fffff8801548e000 Limit fffff88015488000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001c41080 Cid 0c80.056c Teb: 000007f6c41d9000 Win32Thread: fffff90103fc23d0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001c41360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 512 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address iertutil!IsoManagerThreadNonzero_WindowsPump (0x000007fef61831f0) Stack Init fffff88015520dd0 Current fffff8801551fec0 Base fffff88015521000 Limit fffff8801551b000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80036922c0 Cid 0c80.0ec8 Teb: 000007f6c41d7000 Win32Thread: fffff90103f68710 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80036925a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEFRAME!MTAThread (0x000007fee47c2b10) Stack Init fffff88015573dd0 Current fffff88015572f50 Base fffff88015574000 Limit fffff8801556e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002ccf200 Cid 0c80.0fdc Teb: 000007f6c41d5000 Win32Thread: fffff901006166f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002ccf4e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 617 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880171c4dd0 Current fffff880171c4530 Base fffff880171c5000 Limit fffff880171bf000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002cee240 Cid 0c80.0fa8 Teb: 000007f6c41d3000 Win32Thread: fffff90103fa79f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002cee520 NotificationEvent IRP List: fffffa80041587b0: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 529 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155ffdd0 Current fffff880155ff530 Base fffff88015600000 Limit fffff880155fa000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002cba240 Cid 0c80.0370 Teb: 000007f6c40ae000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002cba520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88015806dd0 Current fffff88015805ec0 Base fffff88015807000 Limit fffff88015801000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002cb9200 Cid 0c80.0f58 Teb: 000007f6c40aa000 Win32Thread: fffff901000e0580 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002cb94e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 23 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address iertutil!LCIEIsComponentSharedFlagValueSet_FromComponentThread (0x000007fef61831b0) Stack Init fffff88015814dd0 Current fffff88015813ec0 Base fffff88015815000 Limit fffff8801580f000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002caa080 Cid 0c80.0e64 Teb: 000007f6c40a8000 Win32Thread: fffff9010060b010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002caa360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEFRAME!MTACoreApplicationThread (0x000007fee48a5f70) Stack Init fffff88015822dd0 Current fffff88015821f50 Base fffff88015823000 Limit fffff8801581d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800363c080 Cid 0c80.0038 Teb: 000007f6c40a6000 Win32Thread: fffff9010060b580 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800363c360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 39 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801581bdd0 Current fffff8801581af50 Base fffff8801581c000 Limit fffff88015816000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80018bc240 Cid 0c80.0f50 Teb: 000007f6c40a4000 Win32Thread: fffff901006135f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80018bc520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 133 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801589cdd0 Current fffff8801589c530 Base fffff8801589d000 Limit fffff88015897000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003610080 Cid 0c80.0e54 Teb: 000007f6c40a2000 Win32Thread: fffff90103fc29f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003610360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff880158aadd0 Current fffff880158a9f50 Base fffff880158ab000 Limit fffff880158a5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002db7900 Cid 0c80.0c9c Teb: 000007f6c40a0000 Win32Thread: fffff901006ab680 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002db7be0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 473 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158b1dd0 Current fffff880158b1530 Base fffff880158b2000 Limit fffff880158ac000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800210a780 Cid 0c80.0650 Teb: 000007f6c409a000 Win32Thread: fffff901006bb010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800210aa60 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 3877 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158a3dd0 Current fffff880158a3530 Base fffff880158a4000 Limit fffff8801589e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d65240 Cid 0c80.0f40 Teb: 000007f6c4098000 Win32Thread: fffff901000d4010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d65520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 122 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address iertutil!LCIEIsComponentSharedFlagValueSet_FromComponentThread (0x000007fef61831b0) Stack Init fffff880158c6dd0 Current fffff880158c5ec0 Base fffff880158c7000 Limit fffff880158c1000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002d52200 Cid 0c80.0ad8 Teb: 000007f6c4094000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d524e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 20 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158cddd0 Current fffff880158cd530 Base fffff880158ce000 Limit fffff880158c8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d53240 Cid 0c80.0dec Teb: 000007f6c4092000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d53520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 1073 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155e3dd0 Current fffff880155e3530 Base fffff880155e4000 Limit fffff880155de000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e70340 Cid 0c80.0c40 Teb: 000007f6c40ac000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e70620 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff88016407dd0 Current fffff880164075b0 Base fffff88016408000 Limit fffff88016402000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003b84b00 Cid 0c80.0978 Teb: 000007f6c409e000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003b84de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15740837 Ticks: 291 (0:00:00:04.539) Context Switch Count 133 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff88016342dd0 Current fffff880163426d0 Base fffff88016343000 Limit fffff8801633d000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d7d4c0 Cid 0c80.0af0 Teb: 000007f6c409c000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d7d7a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015141dd0 Current fffff88015141530 Base fffff88015142000 Limit fffff8801513c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001f5b900 Cid 0c80.0944 Teb: 000007f6c4096000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001f5bbe0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mswsock!SockAsyncThread (0x000007fef4645990) Stack Init fffff8801515ddd0 Current fffff8801515d570 Base fffff8801515e000 Limit fffff88015158000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003816940 SessionId: 2 Cid: 0d04 Peb: 7f6c3aca000 ParentCid: 0c80 DeepFreeze DirBase: 34024000 ObjectTable: fffff8a001749a00 HandleCount: Image: iexplore.exe VadRoot fffffa80036e0ad0 Vads 520 Clone 0 Private 9065. Modified 19575. Locked 728. DeviceMap fffff8a000290b20 Token fffff8a002d4c500 ElapsedTime 00:15:04.230 UserTime 00:00:00.202 KernelTime 00:00:00.109 QuotaPoolUsage[PagedPool] 477096 QuotaPoolUsage[NonPagedPool] 81152 Working Set Sizes (now,min,max) (50713, 50, 345) (202852KB, 200KB, 1380KB) PeakWorkingSetSize 51043 VirtualSize 300 Mb PeakVirtualSize 357 Mb PageFaultCount 148600 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 9242 Job fffffa80033d9060 Setting context for this process... .process /p /r fffffa8003816940 !peb PEB at 000007f6c3aca000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6c49b0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000002279c61b60 . 000000227f741320 Ldr.InLoadOrderModuleList: 0000002279c61cc0 . 000000227f741300 Ldr.InMemoryOrderModuleList: 0000002279c61cd0 . 000000227f741310 Base TimeStamp Module 7f6c49b0000 50107ebe Jul 26 00:18:22 2012 C:\Program Files\Internet Explorer\iexplore.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fee4770000 505a980d Sep 20 05:14:05 2012 C:\WINDOWS\SYSTEM32\IEFRAME.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll 7fee6960000 505a93ca Sep 20 04:55:54 2012 C:\Program Files\Internet Explorer\IEShims.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef7a20000 50108ed8 Jul 26 01:27:04 2012 C:\WINDOWS\system32\comdlg32.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\SYSTEM32\twinapi.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\SYSTEM32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\SYSTEM32\SSPICLI.DLL 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\SYSTEM32\winhttp.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\dwmapi.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\SYSTEM32\WINNSI.DLL 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fee6e10000 50107f0a Jul 26 00:19:38 2012 C:\Program Files\Internet Explorer\ieproxy.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\USERENV.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\SYSTEM32\profapi.dll 7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll 7fee68d0000 50109f6a Jul 26 02:37:46 2012 C:\WINDOWS\SYSTEM32\IEUI.dll 7fee34e0000 505aa515 Sep 20 06:09:41 2012 C:\WINDOWS\SYSTEM32\MSHTML.dll 7fee7e50000 505a9a61 Sep 20 05:24:01 2012 C:\WINDOWS\SYSTEM32\d2d1.dll 7feea260000 50108a84 Jul 26 01:08:36 2012 C:\WINDOWS\SYSTEM32\DWrite.dll 7fef2380000 505a9aaa Sep 20 05:25:14 2012 C:\WINDOWS\SYSTEM32\dxgi.dll 7fef1fb0000 505a98f1 Sep 20 05:17:53 2012 C:\WINDOWS\SYSTEM32\d3d11.dll 7fee9f00000 4f6bfb79 Mar 23 04:26:33 2012 C:\WINDOWS\SYSTEM32\igd10umd64.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\SYSTEM32\DNSAPI.dll 7fef2420000 505a924c Sep 20 04:49:32 2012 C:\Windows\System32\Windows.UI.Immersive.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\Windows\System32\DUI70.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fee9dc0000 501084bb Jul 26 00:43:55 2012 C:\WINDOWS\SYSTEM32\windows.ui.dll 7fee9130000 50108501 Jul 26 00:45:05 2012 C:\WINDOWS\SYSTEM32\NInput.dll 7feed870000 501087a9 Jul 26 00:56:25 2012 C:\WINDOWS\SYSTEM32\MLANG.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\SYSTEM32\PROPSYS.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\SYSTEM32\ncrypt.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\SYSTEM32\bcrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\SYSTEM32\NTASN1.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7feeab50000 50108a14 Jul 26 01:06:44 2012 C:\WINDOWS\SYSTEM32\cryptnet.dll 7fef7d00000 50108a30 Jul 26 01:07:12 2012 C:\WINDOWS\system32\WLDAP32.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL 7feebfe0000 505a992d Sep 20 05:18:53 2012 C:\WINDOWS\SYSTEM32\webio.dll 7fee69c0000 505a9b06 Sep 20 05:26:46 2012 C:\Windows\System32\jscript9.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\system32\windowscodecs.dll 7fef02c0000 5010877e Jul 26 00:55:42 2012 C:\WINDOWS\system32\windowscodecsext.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7fee5950000 501080fa Jul 26 00:27:54 2012 C:\Windows\System32\ieapfltr.dll 7fef3650000 5010880a Jul 26 00:58:02 2012 C:\WINDOWS\system32\msimtf.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef29d0000 501089dc Jul 26 01:05:48 2012 C:\WINDOWS\SYSTEM32\dcomp.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\WINDOWS\SYSTEM32\OLEACC.DLL 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll 7fee9980000 5010a9e8 Jul 26 03:22:32 2012 C:\WINDOWS\SYSTEM32\msls31.dll 7fee92d0000 50109356 Jul 26 01:46:14 2012 C:\Windows\System32\PlayToManager.dll 7fee58c0000 5010801c Jul 26 00:24:12 2012 C:\Windows\System32\Windows.Graphics.Printing.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef1b10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\System32\UIAnimation.dll 7fef14a0000 505a9a60 Sep 20 05:24:00 2012 C:\WINDOWS\SYSTEM32\D3D10Warp.dll 7fef1130000 50108750 Jul 26 00:54:56 2012 C:\Windows\System32\uiautomationcore.dll SubSystemData: 0000000000000000 ProcessHeap: 0000002279c60000 ProcessParameters: 0000002279c612a0 CurrentDirectory: 'C:\Users\Dmitry\Desktop\' WindowTitle: 'C:\Program Files\Internet Explorer\iexplore.exe' ImageFile: 'C:\Program Files\Internet Explorer\iexplore.exe' CommandLine: '"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3200 CREDAT:267777 /prefetch:1' DllPath: '< Name not readable >' Environment: 0000002279c8f9b0 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HKCU_S=\REGISTRY\CUSER\Software HKLM_S=\REGISTRY\MACHINE\Software HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local\Packages\windows_ie_ac_001\AC LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Packages\windows_ie_ac_001\AC\Temp TMP=C:\Users\Dmitry\AppData\Local\Packages\windows_ie_ac_001\AC\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8002ca7080 Cid 0d04.0968 Teb: 000007f6c3ace000 Win32Thread: fffff90103fa73d0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002ca7360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 196 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address iexplore!wWinMainCRTStartup (0x000007f6c49b1b00) Stack Init fffff8801580ddd0 Current fffff8801580cec0 Base fffff8801580e000 Limit fffff88015808000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8004154080 Cid 0d04.08f8 Teb: 000007f6c3ac8000 Win32Thread: fffff901006b9b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8004154360 NotificationEvent Waiting for reply to ALPC Message fffff8a006909990 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 670 IdealProcessor: 0 UserTime 00:00:00.109 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801631fdd0 Current fffff8801631f430 Base fffff88016320000 Limit fffff8801631a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001dd6b00 Cid 0d04.0728 Teb: 000007f6c3ac6000 Win32Thread: fffff901006b7860 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001dd6de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 30 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880162afdd0 Current fffff880162aeec0 Base fffff880162b0000 Limit fffff880162aa000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001decb00 Cid 0d04.0c54 Teb: 000007f6c399e000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001decde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88016326dd0 Current fffff88016325ec0 Base fffff88016327000 Limit fffff88016321000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800415a5c0 Cid 0d04.0f90 Teb: 000007f6c399c000 Win32Thread: fffff901006a9830 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800415a8a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12394 IdealProcessor: 0 UserTime 00:00:02.683 KernelTime 00:00:00.811 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880162bddd0 Current fffff880162bd540 Base fffff880162be000 Limit fffff880162b8000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001e58b00 Cid 0d04.0c70 Teb: 000007f6c3998000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e58de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15740837 Ticks: 291 (0:00:00:04.539) Context Switch Count 256 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88016229dd0 Current fffff880162296d0 Base fffff8801622a000 Limit fffff88016224000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001e52b00 Cid 0d04.085c Teb: 000007f6c3996000 Win32Thread: fffff901000e0b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e52de0 NotificationEvent IRP List: fffffa80018ed010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 542 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161f0dd0 Current fffff880161f0530 Base fffff880161f1000 Limit fffff880161eb000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa800418ab00 Cid 0d04.0de0 Teb: 000007f6c3994000 Win32Thread: fffff901006c7b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800418ade0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 229 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161dbdd0 Current fffff880161db530 Base fffff880161dc000 Limit fffff880161d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa800418a380 Cid 0d04.0f74 Teb: 000007f6c3990000 Win32Thread: fffff901006c5b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800418a660 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 220 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016237dd0 Current fffff88016237530 Base fffff88016238000 Limit fffff88016232000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001c3e3c0 Cid 0d04.0864 Teb: 000007f6c398e000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001c3e6a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 33 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff8801637add0 Current fffff8801637a570 Base fffff8801637b000 Limit fffff88016375000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001e74080 Cid 0d04.0e60 Teb: 000007f6c398c000 Win32Thread: fffff901006bd010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e74360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 54 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017211dd0 Current fffff880172116d0 Base fffff88017212000 Limit fffff8801720c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80026a3b00 Cid 0d04.0cc0 Teb: 000007f6c398a000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80026a3de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158e9dd0 Current fffff880158e9530 Base fffff880158ea000 Limit fffff880158e4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002064080 Cid 0d04.0fe0 Teb: 000007f6c3986000 Win32Thread: fffff901006d3010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002064360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 195 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.015 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88016400dd0 Current fffff880163fff50 Base fffff88016401000 Limit fffff880163fb000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8004050b00 Cid 0d04.0b5c Teb: 000007f6c3984000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8004050de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 104 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.015 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880172f2dd0 Current fffff880172f1f50 Base fffff880172f3000 Limit fffff880172ed000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001d27080 Cid 0d04.0c4c Teb: 000007f6c3982000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001d27360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 686 IdealProcessor: 0 UserTime 00:00:00.405 KernelTime 00:00:00.015 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88014f2cdd0 Current fffff88014f2c6d0 Base fffff88014f2d000 Limit fffff88014f27000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002d24240 Cid 0d04.0cec Teb: 000007f6c3980000 Win32Thread: fffff901006d3b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d24520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 156 IdealProcessor: 0 UserTime 00:00:00.124 KernelTime 00:00:00.031 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880158dbdd0 Current fffff880158daf50 Base fffff880158dc000 Limit fffff880158d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80020b8b00 Cid 0d04.0a4c Teb: 000007f6c397c000 Win32Thread: fffff901006d5010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80020b8de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 153 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880154f6dd0 Current fffff880154f63c0 Base fffff880154f7000 Limit fffff880154f1000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001dfb080 Cid 0d04.0c6c Teb: 000007f6c397a000 Win32Thread: fffff9010069bb90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001dfb360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 512 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88015948dd0 Current fffff880159486d0 Base fffff88015949000 Limit fffff88015943000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003629900 Cid 0d04.05a0 Teb: 000007f6c3978000 Win32Thread: fffff901006d5710 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003629be0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 1296 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880158e2dd0 Current fffff880158e1f50 Base fffff880158e3000 Limit fffff880158dd000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800404cb00 Cid 0d04.0508 Teb: 000007f6c3976000 Win32Thread: fffff90103fe5710 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800404cde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88017248dd0 Current fffff88017247f50 Base fffff88017249000 Limit fffff88017243000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800398db00 Cid 0d04.03ac Teb: 000007f6c3974000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800398dde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ea0dd0 Current fffff88015ea0530 Base fffff88015ea1000 Limit fffff88015e9b000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa800200f480 Cid 0d04.0398 Teb: 000007f6c399a000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800200f760 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff8800319bdd0 Current fffff8800319b5b0 Base fffff8800319c000 Limit fffff88003196000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8001f7b7c0 SessionId: 2 Cid: 0e74 Peb: 7f6c39d9000 ParentCid: 0c80 DeepFreeze DirBase: 6772a000 ObjectTable: fffff8a0084321c0 HandleCount: Image: iexplore.exe VadRoot fffffa800388ba00 Vads 97 Clone 0 Private 364. Modified 1. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a0068d58c0 ElapsedTime 00:14:58.099 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 221744 QuotaPoolUsage[NonPagedPool] 12656 Working Set Sizes (now,min,max) (2105, 50, 345) (8420KB, 200KB, 1380KB) PeakWorkingSetSize 2113 VirtualSize 111 Mb PeakVirtualSize 113 Mb PageFaultCount 2275 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 610 Job fffffa80033d9060 Setting context for this process... .process /p /r fffffa8001f7b7c0 !peb PEB at 000007f6c39d9000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6c49b0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000047cd5c1a90 . 00000047cd5ebd60 Ldr.InLoadOrderModuleList: 00000047cd5c1bf0 . 00000047cd5ebd40 Ldr.InMemoryOrderModuleList: 00000047cd5c1c00 . 00000047cd5ebd50 Base TimeStamp Module 7f6c49b0000 50107ebe Jul 26 00:18:22 2012 C:\Program Files\Internet Explorer\iexplore.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fee4770000 505a980d Sep 20 05:14:05 2012 C:\WINDOWS\SYSTEM32\IEFRAME.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll 7fee6960000 505a93ca Sep 20 04:55:54 2012 C:\Program Files\Internet Explorer\IEShims.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef7a20000 50108ed8 Jul 26 01:27:04 2012 C:\WINDOWS\system32\comdlg32.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\SYSTEM32\twinapi.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\SYSTEM32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\SYSTEM32\SSPICLI.DLL 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\SYSTEM32\winhttp.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\SYSTEM32\WINNSI.DLL 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\dwmapi.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fee6e10000 50107f0a Jul 26 00:19:38 2012 C:\Program Files\Internet Explorer\ieproxy.dll SubSystemData: 0000000000000000 ProcessHeap: 00000047cd5c0000 ProcessParameters: 00000047cd5c11e0 CurrentDirectory: 'C:\Users\Dmitry\Desktop\' WindowTitle: 'C:\Program Files\Internet Explorer\iexplore.exe' ImageFile: 'C:\Program Files\Internet Explorer\iexplore.exe' CommandLine: '"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3200 CREDAT:5377 /prefetch:1' DllPath: '< Name not readable >' Environment: 00000047cd5e9dd0 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HKCU_S=\REGISTRY\CUSER\Software HKLM_S=\REGISTRY\MACHINE\Software HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp\Low TMP=C:\Users\Dmitry\AppData\Local\Temp\Low USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8001d50700 Cid 0e74.0184 Teb: 000007f6c39de000 Win32Thread: fffff90103fed5e0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001d509e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 88 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address iexplore!wWinMainCRTStartup (0x000007f6c49b1b00) Stack Init fffff880171f5dd0 Current fffff880171f4ec0 Base fffff880171f6000 Limit fffff880171f0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018ffb00 Cid 0e74.0b44 Teb: 000007f6c39dc000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80018ffde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 52 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017076dd0 Current fffff880170766d0 Base fffff88017077000 Limit fffff88017071000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800377f080 Cid 0e74.0844 Teb: 000007f6c39da000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800377f360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003dc8dd0 Current fffff88003dc8530 Base fffff88003dc9000 Limit fffff88003dc3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003eff080 Cid 0e74.00e0 Teb: 000007f6c39d7000 Win32Thread: fffff901006e5b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003eff360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff8801700ddd0 Current fffff8801700cec0 Base fffff8801700e000 Limit fffff88017008000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003e46080 Cid 0e74.0a0c Teb: 000007f6c38ae000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003e46360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff8801615ddd0 Current fffff8801615d5b0 Base fffff8801615e000 Limit fffff88016158000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002d74180 SessionId: 2 Cid: 0ca0 Peb: 7f770b7f000 ParentCid: 0d68 DirBase: 08818000 ObjectTable: fffff8a001f18d80 HandleCount: Image: Taskmgr.exe VadRoot fffffa8003e9d1e0 Vads 239 Clone 0 Private 2297. Modified 243564. Locked 0. DeviceMap fffff8a007e2e6a0 Token fffff8a007e3b8c0 ElapsedTime 00:10:57.072 UserTime 00:00:11.325 KernelTime 00:00:26.878 QuotaPoolUsage[PagedPool] 482336 QuotaPoolUsage[NonPagedPool] 31280 Working Set Sizes (now,min,max) (7136, 50, 345) (28544KB, 200KB, 1380KB) PeakWorkingSetSize 7337 VirtualSize 216 Mb PeakVirtualSize 343 Mb PageFaultCount 51873 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2905 Setting context for this process... .process /p /r fffffa8002d74180 !peb PEB at 000007f770b7f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f770dd0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000f06e9b1a10 . 000000f070e6d150 Ldr.InLoadOrderModuleList: 000000f06e9b1b70 . 000000f070e6d130 Ldr.InMemoryOrderModuleList: 000000f06e9b1b80 . 000000f070e6d140 Base TimeStamp Module 7f770dd0000 50107c26 Jul 26 00:07:18 2012 C:\WINDOWS\system32\taskmgr.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4080000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\system32\pcwum.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\COMCTL32.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\UxTheme.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef1750000 5010969b Jul 26 02:00:11 2012 C:\WINDOWS\system32\credui.dll 7fef2a80000 5010846e Jul 26 00:42:38 2012 C:\WINDOWS\system32\DUser.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\WINDOWS\system32\DUI70.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\system32\combase.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\system32\SHCORE.DLL 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\system32\dwmapi.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll 7feebbe0000 501089d1 Jul 26 01:05:37 2012 C:\WINDOWS\system32\srumapi.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL 7fef2420000 505a924c Sep 20 04:49:32 2012 C:\Windows\System32\Windows.UI.Immersive.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\system32\samcli.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\system32\SAMLIB.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\netutils.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\system32\WindowsCodecs.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\WINDOWS\system32\OLEACC.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL 7fef1740000 5010ac6c Jul 26 03:33:16 2012 C:\WINDOWS\system32\wlanutil.dll 7fef03b0000 5063dc6b Sep 27 05:56:11 2012 C:\WINDOWS\system32\wlanapi.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\system32\wkscli.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7feed830000 501080ee Jul 26 00:27:42 2012 C:\Windows\System32\thumbcache.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\Windows\System32\PROPSYS.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\system32\Bcp47Langs.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\SYSTEM32\bcrypt.dll 7feeeb70000 50107f98 Jul 26 00:22:00 2012 C:\Windows\System32\MrmCoreR.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\Windows\System32\twinapi.dll 7fef31b0000 50108834 Jul 26 00:58:44 2012 C:\WINDOWS\system32\dbghelp.dll 7feeb770000 50109564 Jul 26 01:55:00 2012 C:\WINDOWS\System32\cscui.dll 7fef30c0000 5010a9be Jul 26 03:21:50 2012 C:\WINDOWS\System32\CSCDLL.dll 7fef30d0000 5010a183 Jul 26 02:46:43 2012 C:\WINDOWS\System32\cscobj.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\USERENV.dll 7feec150000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\system32\CSCAPI.dll 7fee72f0000 50109745 Jul 26 02:03:01 2012 C:\Windows\System32\EhStorShell.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SSPICLI.DLL 7fef3320000 50108655 Jul 26 00:50:45 2012 C:\Windows\System32\taskschd.dll SubSystemData: 0000000000000000 ProcessHeap: 000000f06e9b0000 ProcessParameters: 000000f06e9b11e0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\taskmgr.exe' ImageFile: 'C:\WINDOWS\system32\taskmgr.exe' CommandLine: '"C:\WINDOWS\system32\taskmgr.exe" /4' DllPath: '< Name not readable >' Environment: 000000f06e9b0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8003db4740 Cid 0ca0.03e0 Teb: 000007f770b7d000 Win32Thread: fffff90104094830 RUNNING on processor 0 Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 31359 IdealProcessor: 0 UserTime 00:00:09.859 KernelTime 00:00:07.394 Win32 Start Address taskmgr!wWinMainCRTStartup (0x000007f770e68688) Stack Init fffff88015925dd0 Current fffff88015925800 Base fffff88015926000 Limit fffff88015920000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80039dfb00 Cid 0ca0.0564 Teb: 000007f770b7b000 Win32Thread: fffff90103f44710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003665fe0 SynchronizationEvent fffffa8002cc1d30 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699020 Ticks: 42108 (0:00:10:56.889) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff880155d5dd0 Current fffff880155d5180 Base fffff880155d6000 Limit fffff880155d0000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003253b00 Cid 0ca0.0d64 Teb: 000007f770b79000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800307aca0 NotificationEvent fffffa80036357a0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 653 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff880159dadd0 Current fffff880159da180 Base fffff880159db000 Limit fffff880159d5000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003b45b00 Cid 0ca0.0824 Teb: 000007f770b77000 Win32Thread: fffff90103f5cb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003612250 NotificationEvent fffffa8002cb6890 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2818 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.124 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff8801595ddd0 Current fffff8801595d180 Base fffff8801595e000 Limit fffff88015958000 Call 0 Priority 13 BasePriority 10 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80018eab00 Cid 0ca0.0888 Teb: 000007f770b75000 Win32Thread: fffff90103ff8b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c81ca0 NotificationEvent fffffa80036767a0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 4747 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff8801594fdd0 Current fffff8801594f180 Base fffff88015950000 Limit fffff8801594a000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80033f63c0 Cid 0ca0.0e28 Teb: 000007f770b73000 Win32Thread: fffff901006bb710 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040844b0 NotificationEvent fffffa8002e58710 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699023 Ticks: 42105 (0:00:10:56.842) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff880159ccdd0 Current fffff880159cc180 Base fffff880159cd000 Limit fffff880159c7000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001f075c0 Cid 0ca0.06d4 Teb: 000007f770a4c000 Win32Thread: fffff901040b5b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002d94de0 NotificationEvent fffffa800371fc70 SynchronizationEvent fffffa8002d704f0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 19727 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address taskmgr!TmTraceControl::IncrementThread (0x000007f770df1fc4) Stack Init fffff880159efdd0 Current fffff880159ef180 Base fffff880159f0000 Limit fffff880159ea000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003f23b00 Cid 0ca0.0db8 Teb: 000007f770a4a000 Win32Thread: fffff90103fa5610 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036d1420 NotificationEvent fffffa80036c8cb0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741106 Ticks: 22 (0:00:00:00.343) Context Switch Count 811 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!CRUMAPIHelper::SrumThread (0x000007f770e0db10) Stack Init fffff88015e0ddd0 Current fffff88015e0d180 Base fffff88015e0e000 Limit fffff88015e08000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa800404a080 Cid 0ca0.0c88 Teb: 000007f770a48000 Win32Thread: fffff901006b9710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c95500 NotificationEvent fffffa8003f37990 SynchronizationEvent fffffa800409e6c0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699025 Ticks: 42103 (0:00:10:56.811) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff88015e22dd0 Current fffff88015e22180 Base fffff88015e23000 Limit fffff88015e1d000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001de0b00 Cid 0ca0.0c84 Teb: 000007f770a46000 Win32Thread: fffff9010065f010 WAIT: (UserRequest) UserMode Non-Alertable fffffa800372dc50 NotificationEvent fffffa80041961c0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2887 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff88015e29dd0 Current fffff88015e29180 Base fffff88015e2a000 Limit fffff88015e24000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80039d3b00 Cid 0ca0.07e4 Teb: 000007f770a44000 Win32Thread: fffff901040e2530 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002067370 SynchronizationEvent fffffa8003f46e10 NotificationEvent fffffa800205cce0 SynchronizationEvent fffffa8003826490 SynchronizationEvent fffffa8003ee0dc0 SynchronizationEvent fffffa80030959b8 NotificationEvent fffffa800362fd18 NotificationEvent IRP List: fffffa800211ac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800198a360: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699048 Ticks: 42080 (0:00:10:56.452) Context Switch Count 40 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff88015e3edd0 Current fffff88015e3e180 Base fffff88015e3f000 Limit fffff88015e39000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002d01200 Cid 0ca0.0a9c Teb: 000007f770a42000 Win32Thread: fffff901040f7b90 WAIT: (WrQueue) UserMode Alertable fffffa8001e75ec0 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15740913 Ticks: 215 (0:00:00:03.354) Context Switch Count 565 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e4cdd0 Current fffff88015e4c760 Base fffff88015e4d000 Limit fffff88015e47000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80040036c0 Cid 0ca0.0244 Teb: 000007f770a3c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80021566a0 SynchronizationEvent fffffa8002cd3ce0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15739266 Ticks: 1862 (0:00:00:29.047) Context Switch Count 1896 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcServiceCache::s_InformClientsThread (0x000007f770e07be4) Stack Init fffff88015f10dd0 Current fffff88015f10180 Base fffff88015f11000 Limit fffff88015f0b000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002198b00 Cid 0ca0.0aa4 Teb: 000007f770a36000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003798d80 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15715946 Ticks: 25182 (0:00:06:32.841) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160eddd0 Current fffff880160ed760 Base fffff880160ee000 Limit fffff880160e8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001f3b080 Cid 0ca0.0d2c Teb: 000007f770a4e000 Win32Thread: fffff90103f2ab90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040e0220 SynchronizationEvent fffffa8003da2630 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2113 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcProcessMonitor::HangDetectionThread (0x000007f770e01354) Stack Init fffff88016222dd0 Current fffff88016222180 Base fffff88016223000 Limit fffff8801621d000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003bbdb00 Cid 0ca0.0ae8 Teb: 000007f770a3a000 Win32Thread: fffff90103f6e530 WAIT: (WrQueue) UserMode Alertable fffffa8001e75ec0 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 7261 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150c3dd0 Current fffff880150c3760 Base fffff880150c4000 Limit fffff880150be000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e74b00 Cid 0ca0.0c34 Teb: 000007f770a34000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e58460 SynchronizationTimer Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15740965 Ticks: 163 (0:00:00:02.542) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880173bedd0 Current fffff880173be0f0 Base fffff880173bf000 Limit fffff880173b9000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80020b5900 Cid 0ca0.0154 Teb: 000007f770a40000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001e75ec0 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15740913 Ticks: 215 (0:00:00:03.354) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e29dd0 Current fffff88014e29760 Base fffff88014e2a000 Limit fffff88014e24000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8001e0f740 SessionId: 2 Cid: 0d7c Peb: 7f65412f000 ParentCid: 0c78 DirBase: 0e165000 ObjectTable: fffff8a00055ff00 HandleCount: Image: notepad.exe VadRoot fffffa80038c6d30 Vads 55 Clone 0 Private 228. Modified 4. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a0018dc8c0 ElapsedTime 00:05:13.216 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 191120 QuotaPoolUsage[NonPagedPool] 6912 Working Set Sizes (now,min,max) (1311, 50, 345) (5244KB, 200KB, 1380KB) PeakWorkingSetSize 1311 VirtualSize 93 Mb PeakVirtualSize 97 Mb PageFaultCount 1348 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 315 Job fffffa8003e3ea30 Setting context for this process... .process /p /r fffffa8001e0f740 !peb PEB at 000007f65412f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f654c30000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000554ff41a10 . 000000554ff48cb0 Ldr.InLoadOrderModuleList: 000000554ff41b70 . 000000554ff48c90 Ldr.InMemoryOrderModuleList: 000000554ff41b80 . 000000554ff48ca0 Base TimeStamp Module 7f654c30000 501099bc Jul 26 02:13:32 2012 C:\WINDOWS\system32\notepad.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7a20000 50108ed8 Jul 26 01:27:04 2012 C:\WINDOWS\system32\COMDLG32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7feeb5f0000 501081fa Jul 26 00:32:10 2012 C:\WINDOWS\system32\WINSPOOL.DRV 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\COMCTL32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\system32\SHCORE.DLL 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\system32\dwmapi.dll SubSystemData: 0000000000000000 ProcessHeap: 000000554ff40000 ProcessParameters: 000000554ff411e0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\notepad.exe' ImageFile: 'C:\WINDOWS\system32\notepad.exe' CommandLine: '"C:\WINDOWS\system32\notepad.exe" ' DllPath: '< Name not readable >' Environment: 000000554ff40860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8001ec4b00 Cid 0d7c.0bc4 Teb: 000007f65412d000 Win32Thread: fffff90104165010 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003808f20 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001e0f740 Image: notepad.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2411 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address notepad!WinMainCRTStartup (0x000007f654c35a40) Stack Init fffff88015856dd0 Current fffff880158565f0 Base fffff88015857000 Limit fffff88015851000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 PROCESS fffffa8001d54580 SessionId: 0 Cid: 0f98 Peb: 7f76acaa000 ParentCid: 0220 DirBase: 18acb000 ObjectTable: fffff8a0022e3980 HandleCount: Image: msiexec.exe VadRoot fffffa8003b87d70 Vads 148 Clone 0 Private 861. Modified 257. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a002c74930 ElapsedTime 00:03:36.886 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 111448 QuotaPoolUsage[NonPagedPool] 18944 Working Set Sizes (now,min,max) (2268, 50, 345) (9072KB, 200KB, 1380KB) PeakWorkingSetSize 2278 VirtualSize 208 Mb PeakVirtualSize 209 Mb PageFaultCount 2621 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 3725 Setting context for this process... .process /p /r fffffa8001d54580 !peb PEB at 000007f76acaa000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f76b130000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000552fa91980 . 000000552fad23f0 Ldr.InLoadOrderModuleList: 000000552fa91ae0 . 000000552fad23d0 Ldr.InMemoryOrderModuleList: 000000552fa91af0 . 000000552fad23e0 Base TimeStamp Module 7f76b130000 5010a4a3 Jul 26 03:00:03 2012 C:\WINDOWS\system32\msiexec.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7feee3b0000 505aa251 Sep 20 05:57:53 2012 C:\WINDOWS\AppPatch\AppPatch64\AcLayers.DLL 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7feebf20000 5010ac3d Jul 26 03:32:29 2012 C:\WINDOWS\system32\sfc.dll 7feeb5f0000 501081fa Jul 26 00:32:10 2012 C:\WINDOWS\system32\WINSPOOL.DRV 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7feeef30000 5010a9de Jul 26 03:22:22 2012 C:\WINDOWS\system32\sfc_os.DLL 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\COMCTL32.DLL 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feee290000 505a9411 Sep 20 04:57:05 2012 C:\WINDOWS\system32\AppxDeploymentServer.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 C:\WINDOWS\system32\ESENT.dll 7fef3690000 50108798 Jul 26 00:56:08 2012 C:\WINDOWS\system32\tdh.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\USERENV.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\WINDOWS\system32\VERSION.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 C:\WINDOWS\system32\wevtapi.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\Bcrypt.dll SubSystemData: 0000000000000000 ProcessHeap: 000000552fa90000 ProcessParameters: 000000552fa91170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\msiexec.exe' ImageFile: 'C:\WINDOWS\system32\msiexec.exe' CommandLine: 'C:\WINDOWS\system32\msiexec.exe /V' DllPath: '< Name not readable >' Environment: 000000552fa90860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8004165b00 Cid 0f98.0790 Teb: 000007f76acae000 Win32Thread: fffff901006a7570 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f2c290 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727297 Ticks: 13831 (0:00:03:35.764) Context Switch Count 56 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.046 Win32 Start Address msiexec!WinMainCRTStartup (0x000007f76b145308) Stack Init fffff88016559dd0 Current fffff88016559900 Base fffff8801655a000 Limit fffff88016554000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002ca9700 Cid 0f98.0f80 Teb: 000007f76acac000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b9ea00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15739266 Ticks: 1862 (0:00:00:29.047) Context Switch Count 589 IdealProcessor: 0 UserTime 00:00:00.156 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016589dd0 Current fffff88016589760 Base fffff8801658a000 Limit fffff88016584000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80020ffb00 Cid 0f98.0bc8 Teb: 000007f76aca4000 Win32Thread: fffff90100699b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002d1f5a0 NotificationTimer fffffa800364f950 NotificationEvent fffffa8001e374f0 SynchronizationEvent fffffa80037ce180 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727303 Ticks: 13825 (0:00:03:35.671) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msiexec!ServiceThreadMain (0x000007f76b13b560) Stack Init fffff880165c2dd0 Current fffff880165c2180 Base fffff880165c3000 Limit fffff880165bd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80018f13c0 Cid 0f98.0074 Teb: 000007f76ab7e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001dc54d0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727582 Ticks: 13546 (0:00:03:31.318) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880165d8dd0 Current fffff880165d8900 Base fffff880165d9000 Limit fffff880165d3000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002e8ab00 Cid 0f98.0f38 Teb: 000007f76ab7c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002f03060 SynchronizationEvent fffffa8002d50810 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727322 Ticks: 13806 (0:00:03:35.374) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880165e6dd0 Current fffff880165e6180 Base fffff880165e7000 Limit fffff880165e1000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80020915c0 Cid 0f98.0f7c Teb: 000007f76ab78000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800181af80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727325 Ticks: 13803 (0:00:03:35.328) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880165dfdd0 Current fffff880165df760 Base fffff880165e0000 Limit fffff880165da000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bdab00 Cid 0f98.02fc Teb: 000007f76aca8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b9ea00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15739266 Ticks: 1862 (0:00:00:29.047) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015022dd0 Current fffff88015022760 Base fffff88015023000 Limit fffff8801501d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa80033bb940 SessionId: 2 Cid: 0a50 Peb: 7f71da5f000 ParentCid: 0d68 DirBase: 1348e000 ObjectTable: fffff8a00303f300 HandleCount: Image: mspaint.exe VadRoot fffffa8002778510 Vads 382 Clone 0 Private 1917. Modified 4. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a001e5f3d0 ElapsedTime 00:03:23.857 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 246176 QuotaPoolUsage[NonPagedPool] 48832 Working Set Sizes (now,min,max) (4508, 50, 345) (18032KB, 200KB, 1380KB) PeakWorkingSetSize 4593 VirtualSize 129 Mb PeakVirtualSize 133 Mb PageFaultCount 6008 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2145 Setting context for this process... .process /p /r fffffa80033bb940 !peb PEB at 000007f71da5f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f71e310000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000058e27c1a90 . 00000058e27e8610 Ldr.InLoadOrderModuleList: 00000058e27c1bf0 . 00000058e27e85f0 Ldr.InMemoryOrderModuleList: 00000058e27c1c00 . 00000058e27e8600 Base TimeStamp Module 7f71e310000 501095b7 Jul 26 01:56:23 2012 C:\WINDOWS\system32\mspaint.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7feee130000 5010908a Jul 26 01:34:18 2012 C:\WINDOWS\system32\MFC42u.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7a20000 50108ed8 Jul 26 01:27:04 2012 C:\WINDOWS\system32\COMDLG32.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\COMCTL32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\PROPSYS.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef1070000 501086a8 Jul 26 00:52:08 2012 C:\WINDOWS\system32\WINMM.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7feee070000 50109fd3 Jul 26 02:39:31 2012 C:\WINDOWS\system32\ODBC32.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7feedb10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\system32\WINMMBASE.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\system32\SHCORE.DLL 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef6380000 50108728 Jul 26 00:54:16 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16384_none_72771d4ecc1c3a4d\gdiplus.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fee5b70000 5010891b Jul 26 01:02:35 2012 C:\WINDOWS\system32\MSFTEDIT.DLL 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fee30c0000 5010908d Jul 26 01:34:21 2012 C:\WINDOWS\system32\UIRibbon.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feec320000 5010a159 Jul 26 02:46:01 2012 C:\Windows\System32\sti.dll 7fef0f20000 5010a9dd Jul 26 03:22:21 2012 C:\WINDOWS\system32\wiatrace.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\system32\dwmapi.dll 7fee5790000 5010ac85 Jul 26 03:33:41 2012 C:\WINDOWS\system32\UIRibbonRes.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\system32\windowscodecs.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\Windows\System32\oleacc.dll SubSystemData: 0000000000000000 ProcessHeap: 00000058e27c0000 ProcessParameters: 00000058e27c1210 CurrentDirectory: 'C:\WINDOWS\System32\' WindowTitle: 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk' ImageFile: 'C:\WINDOWS\system32\mspaint.exe' CommandLine: '"C:\WINDOWS\system32\mspaint.exe" ' DllPath: '< Name not readable >' Environment: 00000058e27c0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8003e87b00 Cid 0a50.0e50 Teb: 000007f71da5d000 Win32Thread: fffff9010419c7a0 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8002cfe830 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 6061 IdealProcessor: 0 UserTime 00:00:01.154 KernelTime 00:00:00.639 Win32 Start Address mspaint!wWinMainCRTStartup (0x000007f71e33df00) Stack Init fffff88016318dd0 Current fffff880163185f0 Base fffff88016319000 Limit fffff88016313000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80027dfb00 Cid 0a50.0d20 Teb: 000007f71da5b000 Win32Thread: fffff90104195010 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040dcd70 NotificationEvent fffffa8003feb710 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15728106 Ticks: 13022 (0:00:03:23.144) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address gdiplus!DllRefCountSafeThreadThunk (0x000007fef6381b90) Stack Init fffff880170e6dd0 Current fffff880170e6180 Base fffff880170e7000 Limit fffff880170e1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039dab00 Cid 0a50.09a4 Teb: 000007f71da59000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80020b7780 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15737974 Ticks: 3154 (0:00:00:49.202) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170fbdd0 Current fffff880170fb760 Base fffff880170fc000 Limit fffff880170f6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800201e080 Cid 0a50.0384 Teb: 000007f71da55000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003669320 SynchronizationEvent fffffa8001cbd2e0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15739900 Ticks: 1228 (0:00:00:19.156) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017141dd0 Current fffff88017141180 Base fffff88017142000 Limit fffff8801713c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d30600 Cid 0a50.0020 Teb: 000007f71da53000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001972e90 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15728204 Ticks: 12924 (0:00:03:21.615) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sti!WiaEventReceiver::EventThreadProc (0x000007feec322860) Stack Init fffff880172f9dd0 Current fffff880172f9900 Base fffff880172fa000 Limit fffff880172f4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c25900 Cid 0a50.0b88 Teb: 000007f71da57000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80020b7780 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15737974 Ticks: 3154 (0:00:00:49.202) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150e6dd0 Current fffff880150e6760 Base fffff880150e7000 Limit fffff880150e1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa80030a6540 SessionId: 0 Cid: 02e4 Peb: 7f6fad17000 ParentCid: 0220 DirBase: 1708f000 ObjectTable: fffff8a0085c6f00 HandleCount: Image: svchost.exe VadRoot fffffa80036344d0 Vads 71 Clone 0 Private 291. Modified 0. Locked 0. DeviceMap fffff8a002487200 Token fffff8a0022f9060 ElapsedTime 00:03:22.172 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 74592 QuotaPoolUsage[NonPagedPool] 9152 Working Set Sizes (now,min,max) (1365, 50, 345) (5460KB, 200KB, 1380KB) PeakWorkingSetSize 1375 VirtualSize 36 Mb PeakVirtualSize 37 Mb PageFaultCount 1459 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 384 Setting context for this process... .process /p /r fffffa80030a6540 !peb PEB at 000007f6fad17000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000114c231a20 . 000000114c271dd0 Ldr.InLoadOrderModuleList: 000000114c231b80 . 000000114c271db0 Ldr.InMemoryOrderModuleList: 000000114c231b90 . 000000114c271dc0 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7feedfe0000 501094f4 Jul 26 01:53:08 2012 c:\windows\system32\wiaservc.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 c:\windows\system32\VERSION.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\system32\combase.dll 7fef0f20000 5010a9dd Jul 26 03:22:21 2012 C:\WINDOWS\system32\wiatrace.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\sspicli.dll 7fef45e0000 5010893a Jul 26 01:03:06 2012 C:\WINDOWS\system32\msv1_0.DLL 7fef4790000 50108a04 Jul 26 01:06:28 2012 C:\WINDOWS\system32\cryptdll.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\cfgmgr32.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7feec320000 5010a159 Jul 26 02:46:01 2012 C:\Windows\System32\sti.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll SubSystemData: 0000000000000000 ProcessHeap: 000000114c230000 ProcessParameters: 000000114c231200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k imgsvc' DllPath: '< Name not readable >' Environment: 000000114c230860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa80031ffb00 Cid 02e4.00ac Teb: 000007f6fad1e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003835f10 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728189 Ticks: 12939 (0:00:03:21.849) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880171e0dd0 Current fffff880171e0900 Base fffff880171e1000 Limit fffff880171db000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002064680 Cid 02e4.0ed8 Teb: 000007f6fad1a000 Win32Thread: fffff901006c1710 WAIT: (WrQueue) UserMode Alertable fffffa80033a6d80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728204 Ticks: 12924 (0:00:03:21.615) Context Switch Count 37 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017256dd0 Current fffff88017256760 Base fffff88017257000 Limit fffff88017251000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c38b00 Cid 02e4.0040 Teb: 000007f6fad18000 Win32Thread: fffff901006f8b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d729f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728195 Ticks: 12933 (0:00:03:21.756) Context Switch Count 73 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff8801725ddd0 Current fffff8801725d900 Base fffff8801725e000 Limit fffff88017258000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001d5a700 Cid 02e4.03a8 Teb: 000007f6fad15000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c341f0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728188 Ticks: 12940 (0:00:03:21.865) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wiaservc!SchedulerThread (0x000007feee027388) Stack Init fffff88017288dd0 Current fffff880172880f0 Base fffff88017289000 Limit fffff88017283000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001d17b00 Cid 02e4.0b50 Teb: 000007f6fad13000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040bc950 SynchronizationEvent fffffa8002dd08d0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728190 Ticks: 12938 (0:00:03:21.834) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wiaservc!SCMControlHandler::ControlThread (0x000007feee01de04) Stack Init fffff88017275dd0 Current fffff88017275180 Base fffff88017276000 Limit fffff88017270000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80037da740 Cid 02e4.0158 Teb: 000007f6fabea000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80033a6d80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737974 Ticks: 3154 (0:00:00:49.202) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017311dd0 Current fffff88017311760 Base fffff88017312000 Limit fffff8801730c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002d6c540 SessionId: 0 Cid: 0e80 Peb: 7f7d3e2e000 ParentCid: 0288 DirBase: 50bb1000 ObjectTable: fffff8a0008fc200 HandleCount: Image: WmiPrvSE.exe VadRoot fffffa80027e5d20 Vads 66 Clone 0 Private 315. Modified 0. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a000856060 ElapsedTime 00:03:18.631 UserTime 00:00:00.046 KernelTime 00:00:00.031 QuotaPoolUsage[PagedPool] 58280 QuotaPoolUsage[NonPagedPool] 10032 Working Set Sizes (now,min,max) (1297, 50, 345) (5188KB, 200KB, 1380KB) PeakWorkingSetSize 1328 VirtualSize 30 Mb PeakVirtualSize 36 Mb PageFaultCount 1482 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 436 Job fffffa8003dc8160 Setting context for this process... .process /p /r fffffa8002d6c540 !peb PEB at 000007f7d3e2e000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f7d4780000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000d7707419e0 . 000000d77074bf80 Ldr.InLoadOrderModuleList: 000000d770741b40 . 000000d77074bf60 Ldr.InMemoryOrderModuleList: 000000d770741b50 . 000000d77074bf70 Base TimeStamp Module 7f7d4780000 5010ad15 Jul 26 03:36:05 2012 C:\WINDOWS\system32\wbem\wmiprvse.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7feebc60000 501087eb Jul 26 00:57:31 2012 C:\WINDOWS\system32\wbem\FastProx.dll 7feed240000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\SYSTEM32\NCObjAPI.DLL 7feeeae0000 5010880b Jul 26 00:58:03 2012 C:\WINDOWS\SYSTEM32\wbemcomn.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7feec140000 501087d9 Jul 26 00:57:13 2012 C:\WINDOWS\system32\wbem\wbemprox.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef1f50000 501089e9 Jul 26 01:06:01 2012 C:\WINDOWS\system32\wbem\wbemsvc.dll 7fef1ed0000 501087f4 Jul 26 00:57:40 2012 C:\WINDOWS\system32\wbem\wmiutils.dll 7feea450000 5010879f Jul 26 00:56:15 2012 C:\WINDOWS\system32\wbem\wmiprov.dll 7fef07c0000 50108af1 Jul 26 01:10:25 2012 C:\WINDOWS\SYSTEM32\WMICLNT.dll SubSystemData: 0000000000000000 ProcessHeap: 000000d770740000 ProcessParameters: 000000d770741170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\wbem\wmiprvse.exe' ImageFile: 'C:\WINDOWS\system32\wbem\wmiprvse.exe' CommandLine: 'C:\WINDOWS\system32\wbem\wmiprvse.exe' DllPath: '< Name not readable >' Environment: 000000d770740860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa80037dfb00 Cid 0e80.0ccc Teb: 000007f7d3e2c000 Win32Thread: fffff90100659710 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80036474e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728397 Ticks: 12731 (0:00:03:18.604) Context Switch Count 39 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address wmiprvse!WinMainCRTStartup (0x000007f7d478b3fc) Stack Init fffff880173f0dd0 Current fffff880173f05f0 Base fffff880173f1000 Limit fffff880173eb000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002c9d800 Cid 0e80.083c Teb: 000007f7d3e2a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d9e580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728564 Ticks: 12564 (0:00:03:15.999) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017422dd0 Current fffff88017422760 Base fffff88017423000 Limit fffff8801741d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80041a8840 Cid 0e80.0ce8 Teb: 000007f7d3e28000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001dce240 NotificationEvent fffffa8003fe9850 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728396 Ticks: 12732 (0:00:03:18.620) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address NCObjAPI!CNamedPipeClient::ProviderReadyThreadProc (0x000007feed241470) Stack Init fffff880173d4dd0 Current fffff880173d4180 Base fffff880173d5000 Limit fffff880173cf000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b59080 Cid 0e80.04d0 Teb: 000007f7d3e26000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d9e580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15738078 Ticks: 3050 (0:00:00:47.580) Context Switch Count 40 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173f7dd0 Current fffff880173f7760 Base fffff880173f8000 Limit fffff880173f2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e03080 Cid 0e80.0c5c Teb: 000007f7d3cfe000 Win32Thread: fffff90100691290 WAIT: (UserRequest) UserMode Alertable fffffa8002db0b20 SynchronizationEvent fffffa8002db0aa0 SynchronizationEvent fffffa8003050aa0 SynchronizationEvent fffffa8003050a20 SynchronizationEvent fffffa800388d290 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15736090 Ticks: 5038 (0:00:01:18.593) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wmiprvse!WmiThread::ThreadProc (0x000007f7d4781850) Stack Init fffff88017414dd0 Current fffff88017414180 Base fffff88017415000 Limit fffff8801740f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80040db980 Cid 0e80.0cb0 Teb: 000007f7d3cfa000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d9e580 QueueObject IRP List: fffffa8001d67830: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728564 Ticks: 12564 (0:00:03:15.999) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801744edd0 Current fffff8801744e760 Base fffff8801744f000 Limit fffff88017449000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8004145940 SessionId: 2 Cid: 0814 Peb: 7f6abd6d000 ParentCid: 0288 DirBase: 4cdd6000 ObjectTable: fffff8a006b08680 HandleCount: Image: BackgroundTransferHost.exe VadRoot fffffa8001f792b0 Vads 116 Clone 0 Private 650. Modified 2. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a002dae5d0 ElapsedTime 00:01:17.728 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 221184 QuotaPoolUsage[NonPagedPool] 21392 Working Set Sizes (now,min,max) (2770, 50, 345) (11080KB, 200KB, 1380KB) PeakWorkingSetSize 2893 VirtualSize 101 Mb PeakVirtualSize 103 Mb PageFaultCount 3052 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 781 Job fffffa80033be260 Setting context for this process... .process /p /r fffffa8004145940 !peb PEB at 000007f6abd6d000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6acc30000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000034ca0b1d70 . 00000034ca0faf70 Ldr.InLoadOrderModuleList: 00000034ca0b1ed0 . 00000034ca0faf50 Ldr.InMemoryOrderModuleList: 00000034ca0b1ee0 . 00000034ca0faf60 Base TimeStamp Module 7f6acc30000 5010a67f Jul 26 03:07:59 2012 C:\WINDOWS\system32\BackgroundTransferHost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\Windows\System32\twinapi.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7feead60000 505a99fd Sep 20 05:22:21 2012 C:\Windows\System32\WinTypes.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7feecb30000 501087eb Jul 26 00:57:31 2012 C:\Windows\System32\biwinrt.dll 7fee5a10000 505a9222 Sep 20 04:48:50 2012 C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef3670000 501089ed Jul 26 01:06:05 2012 C:\WINDOWS\system32\SystemEventsBrokerClient.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\system32\FirewallAPI.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\system32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SSPICLI.DLL 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\userenv.dll 7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\system32\dwmapi.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\system32\winhttp.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\system32\DNSAPI.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\system32\ncrypt.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\system32\NTASN1.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7feeab50000 50108a14 Jul 26 01:06:44 2012 C:\Windows\System32\cryptnet.dll 7fef7d00000 50108a30 Jul 26 01:07:12 2012 C:\WINDOWS\system32\WLDAP32.dll 7fef16f0000 505a956d Sep 20 05:02:53 2012 C:\Windows\System32\Windows.Networking.Connectivity.dll SubSystemData: 000007fee8ad43f0 ProcessHeap: 00000034ca0b0000 ProcessParameters: 00000034ca0b1360 CurrentDirectory: 'C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\' WindowTitle: '"BackgroundTransferHost.exe"' ImageFile: 'C:\WINDOWS\system32\BackgroundTransferHost.exe' CommandLine: '"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1' DllPath: 'C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe;C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.50712.1_x64__8wekyb3d8bbwe;C:\Program Files\WindowsApps\Microsoft.WinJS.1.0_1.0.8514.0_neutral__8wekyb3d8bbwe' Environment: 00000034ca0b0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp TMP=C:\Users\Dmitry\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8001ca1080 Cid 0814.0af4 Teb: 000007f6abd6e000 Win32Thread: fffff901040fcb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036d76d0 NotificationEvent fffffa8003e46770 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740060 Ticks: 1068 (0:00:00:16.660) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address BackgroundTransferHost!wWinMainCRTStartup (0x000007f6acc3299c) Stack Init fffff880175d3dd0 Current fffff880175d3180 Base fffff880175d4000 Limit fffff880175ce000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa8001e0f080 Cid 0814.0d1c Teb: 000007f6abd6b000 Win32Thread: fffff901043b1b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002d15e90 SynchronizationEvent fffffa80040141e0 SynchronizationEvent fffffa800385b510 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 131 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880175e9dd0 Current fffff880175e9180 Base fffff880175ea000 Limit fffff880175e4000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa800416d5c0 Cid 0814.0e9c Teb: 000007f6abd69000 Win32Thread: fffff901040d2240 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001e6b710 SynchronizationEvent fffffa8001d344c0 SynchronizationEvent fffffa80033c5210 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 112 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880175f0dd0 Current fffff880175f0180 Base fffff880175f1000 Limit fffff880175eb000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa8002c8e080 Cid 0814.053c Teb: 000007f6abd67000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001e3b2a0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740060 Ticks: 1068 (0:00:00:16.660) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88000fbfdd0 Current fffff88000fbf0f0 Base fffff88000fc0000 Limit fffff88000fba000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa80018b8080 Cid 0814.0368 Teb: 000007f6abd65000 Win32Thread: fffff90104271b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80020af610 SynchronizationEvent fffffa8001cec150 SynchronizationEvent fffffa8001e14af0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 47 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88000fe9dd0 Current fffff88000fe9180 Base fffff88000fea000 Limit fffff88000fe4000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa800200d800 Cid 0814.0d4c Teb: 000007f6abd63000 Win32Thread: fffff9010414f010 WAIT: (WrQueue) UserMode Alertable fffffa80021a6a40 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740060 Ticks: 1068 (0:00:00:16.660) Context Switch Count 358 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880172c3dd0 Current fffff880172c3760 Base fffff880172c4000 Limit fffff880172be000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa80033b8b00 Cid 0814.0850 Teb: 000007f6abc3e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8002d4db30 NotificationEvent IRP List: fffffa80033f6950: (0006,01f0) Flags: 00020070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff88003c61dd0 Current fffff88003c61900 Base fffff88003c62000 Limit fffff88003c5c000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa80040ee700 Cid 0814.0938 Teb: 000007f6abc3c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001f10500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736494 Ticks: 4634 (0:00:01:12.290) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8800317add0 Current fffff8800317a760 Base fffff8800317b000 Limit fffff88003175000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa8001e22740 Cid 0814.0f3c Teb: 000007f6abc3a000 Win32Thread: fffff901041b5010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001e416f0 SynchronizationEvent fffffa80018d06a0 SynchronizationEvent fffffa8003f53420 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003188dd0 Current fffff88003188180 Base fffff88003189000 Limit fffff88003183000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa80038a7080 Cid 0814.08d8 Teb: 000007f6abc38000 Win32Thread: fffff9010430ab90 WAIT: (WrQueue) UserMode Alertable fffffa80021a6a40 QueueObject IRP List: fffffa800266fb20: (0006,03e8) Flags: 00020000 Mdl: 00000000 fffffa800413e810: (0006,03e8) Flags: 00020000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 293 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015991dd0 Current fffff88015991760 Base fffff88015992000 Limit fffff8801598c000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa8003de9080 Cid 0814.0fc0 Teb: 000007f6abc34000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80021a6a40 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736594 Ticks: 4534 (0:00:01:10.730) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003c44dd0 Current fffff88003c44760 Base fffff88003c45000 Limit fffff88003c3f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa8001ce6640 Cid 0814.03ec Teb: 000007f6abc32000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8004000ac0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736520 Ticks: 4608 (0:00:01:11.885) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mswsock!SockAsyncThread (0x000007fef4645990) Stack Init fffff88003c0ddd0 Current fffff88003c0d7a0 Base fffff88003c0e000 Limit fffff88003c08000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 .process /p /r 0 0: kd> !process 0 1f **** NT ACTIVE PROCESS DUMP **** PROCESS fffffa800182e480 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000 DirBase: 00187000 ObjectTable: fffff8a000003000 HandleCount: Image: System VadRoot fffffa80026a92b0 Vads 16 Clone 0 Private 21. Modified 60513. Locked 64. DeviceMap fffff8a00000c340 Token fffff8a0000055e0 ElapsedTime 2 Days 20:12:15.491 UserTime 00:00:00.000 KernelTime 00:00:10.030 QuotaPoolUsage[PagedPool] 0 QuotaPoolUsage[NonPagedPool] 0 Working Set Sizes (now,min,max) (224, 50, 450) (896KB, 200KB, 1800KB) PeakWorkingSetSize 1739 VirtualSize 5 Mb PeakVirtualSize 12 Mb PageFaultCount 41953 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 31 Setting context for this process... .process /p /r fffffa800182e480 THREAD fffffa8001818040 Cid 0004.0008 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d542e0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 23943 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:08.502 Win32 Start Address nt!Phase1Initialization (0xfffff802b3f85f70) Stack Init fffff880009a9dd0 Current fffff880009a9970 Base fffff880009aa000 Limit fffff880009a4000 Call 0 Priority 0 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`009a99b0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`009a9af0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`009a9bb0 fffff802`b3b580b7 nt!KeWaitForSingleObject+0x1cf fffff880`009a9c40 fffff802`b3aab535 nt!MmZeroPageThread+0x2d0 fffff880`009a9d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`009a9da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800184e380 Cid 0004.000c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d1ff20 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 38 Ticks: 15741090 (2:20:12:42.577) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!PopIrpWorkerControl (0xfffff802b3bc4b30) Stack Init fffff880009d0dd0 Current fffff880009d0a40 Base fffff880009d1000 Limit fffff880009cb000 Call 0 Priority 15 BasePriority 13 UnusualBoost 2 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`009d0a80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`009d0bc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`009d0c80 fffff802`b3bc4b60 nt!KeWaitForSingleObject+0x1cf fffff880`009d0d10 fffff802`b3aab535 nt!PopIrpWorkerControl+0x30 fffff880`009d0d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`009d0da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80017f4040 Cid 0004.0010 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d20520 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739995 Ticks: 1133 (0:00:00:17.674) Context Switch Count 535 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!PopIrpWorker (0xfffff802b3ba46d8) Stack Init fffff880009d7dd0 Current fffff880009d79d0 Base fffff880009d8000 Limit fffff880009d2000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`009d7a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`009d7b50 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`009d7c10 fffff802`b3ba4818 nt!KeWaitForSingleObject+0x1cf fffff880`009d7ca0 fffff802`b3aab535 nt!PopIrpWorker+0x140 fffff880`009d7d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`009d7da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800183a940 Cid 0004.0014 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d20520 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740171 Ticks: 957 (0:00:00:14.929) Context Switch Count 119 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!PopIrpWorker (0xfffff802b3ba46d8) Stack Init fffff880009dedd0 Current fffff880009de9d0 Base fffff880009df000 Limit fffff880009d9000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`009dea10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`009deb50 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`009dec10 fffff802`b3ba4818 nt!KeWaitForSingleObject+0x1cf fffff880`009deca0 fffff802`b3aab535 nt!PopIrpWorker+0x140 fffff880`009ded50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`009deda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80018094c0 Cid 0004.0018 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffffa8001835788 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15679017 Ticks: 62111 (0:00:16:08.937) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!PopFxEmergencyWorker (0xfffff802b3bb507c) Stack Init fffff880009e5dd0 Current fffff880009e5a20 Base fffff880009e6000 Limit fffff880009e0000 Call 0 Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`009e5a60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`009e5ba0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`009e5c60 fffff802`b3bb50b9 nt!KeRemoveQueueEx+0x26b fffff880`009e5d10 fffff802`b3aab535 nt!PopFxEmergencyWorker+0x3e fffff880`009e5d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`009e5da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001823980 Cid 0004.001c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88000faace0 SynchronizationTimer fffff802b3d0d2f0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15718535 Ticks: 22593 (0:00:05:52.453) Context Switch Count 67 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address nt!ExpWorkerThreadBalanceManager (0xfffff802b3e1bfe8) Stack Init fffff88000faadd0 Current fffff88000faa9a0 Base fffff88000fab000 Limit fffff88000fa5000 Call 0 Priority 15 BasePriority 12 UnusualBoost 3 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`00faa9e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00faab20 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`00faabe0 fffff802`b3e1c0b5 nt!KeWaitForMultipleObjects+0x25d fffff880`00faac90 fffff802`b3aab535 nt!ExpWorkerThreadBalanceManager+0xcd fffff880`00faad50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`00faada0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001806a80 Cid 0004.002c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015) Context Switch Count 20016 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.780 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88000fc6dd0 Current fffff88000fc69d0 Base fffff88000fc7000 Limit fffff88000fc1000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`00fc6a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00fc6b50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`00fc6c10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`00fc6cc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`00fc6d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`00fc6da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001806400 Cid 0004.0030 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740018 Ticks: 1110 (0:00:00:17.316) Context Switch Count 30328 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:01.279 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88000fcddd0 Current fffff88000fcd9d0 Base fffff88000fce000 Limit fffff88000fc8000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`00fcda10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00fcdb50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`00fcdc10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`00fcdcc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`00fcdd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`00fcdda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80018457c0 Cid 0004.004c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable fffff802b3d84180 Gate Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740322 Ticks: 806 (0:00:00:12.573) Context Switch Count 134 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!KiExecuteDpc (0xfffff802b3ae55d4) Stack Init fffff88000ffedd0 Current fffff88000ffe950 Base fffff88000fff000 Limit fffff88000ff9000 Call 0 Priority 31 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`00ffe990 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00ffead0 fffff802`b3ae4d5b nt!KiCommitThreadWait+0x23c fffff880`00ffeb90 fffff802`b3ae567a nt!KeWaitForGate+0x10f fffff880`00ffebe0 fffff802`b3aab535 nt!KiExecuteDpc+0xa6 fffff880`00ffed50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`00ffeda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800181c040 Cid 0004.0054 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable fffff880009eb180 Gate Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740322 Ticks: 806 (0:00:00:12.573) Context Switch Count 135 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!KiExecuteDpc (0xfffff802b3ae55d4) Stack Init fffff88002f0fdd0 Current fffff88002f0f950 Base fffff88002f10000 Limit fffff88002f0a000 Call 0 Priority 31 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f0f990 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f0fad0 fffff802`b3ae4d5b nt!KiCommitThreadWait+0x23c fffff880`02f0fb90 fffff802`b3ae567a nt!KeWaitForGate+0x10f fffff880`02f0fbe0 fffff802`b3aab535 nt!KiExecuteDpc+0xa6 fffff880`02f0fd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f0fda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001802b00 Cid 0004.0060 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrVirtualMemory) UserMode Non-Alertable fffff802b3d53f80 NotificationEvent fffff802b3d540c0 Semaphore Limit 0x7fffffff fffff802b3d53f40 NotificationEvent fffff802b3d54020 NotificationEvent fffff802b3d527a0 NotificationEvent fffff802b3d527c0 SynchronizationEvent fffff802b3d53ee0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736321 Ticks: 4807 (0:00:01:14.989) Context Switch Count 1760 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.093 Win32 Start Address nt!MiDereferenceSegmentThread (0xfffff802b3ac194c) Stack Init fffff88002f24dd0 Current fffff88002f249d0 Base fffff88002f25000 Limit fffff88002f1f000 Call 0 Priority 19 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f24a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f24b50 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02f24c10 fffff802`b3ac1a0d nt!KeWaitForMultipleObjects+0x25d fffff880`02f24cc0 fffff802`b3aab535 nt!MiDereferenceSegmentThread+0xc1 fffff880`02f24d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f24da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80018177c0 Cid 0004.0064 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d276a0 Gate Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15732487 Ticks: 8641 (0:00:02:14.800) Context Switch Count 866 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.093 Win32 Start Address nt!MiModifiedPageWriter (0xfffff802b3baa478) Stack Init fffff88002f2bdd0 Current fffff88002f2ba40 Base fffff88002f2c000 Limit fffff88002f26000 Call 0 Priority 18 BasePriority 18 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f2ba80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f2bbc0 fffff802`b3ae4d5b nt!KiCommitThreadWait+0x23c fffff880`02f2bc80 fffff802`b3baa4ee nt!KeWaitForGate+0x10f fffff880`02f2bcd0 fffff802`b3aab535 nt!MiModifiedPageWriter+0x76 fffff880`02f2bd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f2bda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001833040 Cid 0004.0068 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d5ad80 SynchronizationEvent fffff802b3d52f60 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741071 Ticks: 57 (0:00:00:00.889) Context Switch Count 3280 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.156 Win32 Start Address nt!KeBalanceSetManager (0xfffff802b3b36620) Stack Init fffff88002f32dd0 Current fffff88002f329f0 Base fffff88002f33000 Limit fffff88002f2d000 Call 0 Priority 17 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f32a30 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f32b70 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02f32c30 fffff802`b3b366c7 nt!KeWaitForMultipleObjects+0x25d fffff880`02f32ce0 fffff802`b3aab535 nt!KeBalanceSetManager+0xa7 fffff880`02f32d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f32da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001823040 Cid 0004.006c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d53aa0 SynchronizationEvent fffff802b3d53ab8 SynchronizationEvent fffff802b3d53ad0 SynchronizationEvent fffff802b3d53ae8 SynchronizationEvent fffff802b3d53b00 SynchronizationEvent fffff802b3d53b18 SynchronizationEvent fffff802b3d53b30 SynchronizationEvent fffff802b3d53b48 SynchronizationEvent fffff802b3d53b60 SynchronizationEvent fffff802b3d53b78 SynchronizationEvent fffff802b3d53b90 SynchronizationEvent fffff802b3d53ba8 SynchronizationEvent fffff802b3d53bc0 SynchronizationEvent fffff802b3d53bd8 SynchronizationEvent fffff802b3d53bf0 SynchronizationEvent fffff802b3d53c08 SynchronizationEvent fffff802b3d53c20 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741060 Ticks: 68 (0:00:00:01.060) Context Switch Count 16742 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!MiMappedPageWriter (0xfffff802b3b6f140) Stack Init fffff88002f39dd0 Current fffff88002f39970 Base fffff88002f3a000 Limit fffff88002f34000 Call 0 Priority 18 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f399b0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f39af0 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02f39bb0 fffff802`b3b6f1f1 nt!KeWaitForMultipleObjects+0x25d fffff880`02f39c60 fffff802`b3aab535 nt!MiMappedPageWriter+0xb1 fffff880`02f39d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f39da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001810b00 Cid 0004.0070 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d5ad40 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741071 Ticks: 57 (0:00:00:00.889) Context Switch Count 9193 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address nt!KeSwapProcessOrStack (0xfffff802b3aec50c) Stack Init fffff88002f40dd0 Current fffff88002f40a20 Base fffff88002f41000 Limit fffff88002f3b000 Call 0 Priority 23 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f40a60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f40ba0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`02f40c60 fffff802`b3aec549 nt!KeWaitForSingleObject+0x1cf fffff880`02f40cf0 fffff802`b3aab535 nt!KeSwapProcessOrStack+0x3d fffff880`02f40d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f40da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001803040 Cid 0004.007c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d6fd60 SynchronizationEvent fffff802b3d6fd80 SynchronizationEvent fffff802b3d6fda0 SynchronizationEvent fffff802b3d6fdc0 SynchronizationEvent fffff802b3d6fde0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741056 Ticks: 72 (0:00:00:01.123) Context Switch Count 1706 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!CcQueueLazyWriteScanThread (0xfffff802b3b893d8) Stack Init fffff88002f55dd0 Current fffff88002f559e0 Base fffff88002f56000 Limit fffff88002f50000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f55a20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f55b60 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02f55c20 fffff802`b3b89467 nt!KeWaitForMultipleObjects+0x25d fffff880`02f55cd0 fffff802`b3aab535 nt!CcQueueLazyWriteScanThread+0x8f fffff880`02f55d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f55da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001800040 Cid 0004.0080 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d6e020 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 46 Ticks: 15741082 (2:20:12:42.453) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!FsRtlWorkerThread (0xfffff802b3bc4778) Stack Init fffff88002f61dd0 Current fffff88002f61a20 Base fffff88002f62000 Limit fffff88002f5c000 Call 0 Priority 16 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f61a60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f61ba0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`02f61c60 fffff802`b3bc47c5 nt!KeRemoveQueueEx+0x26b fffff880`02f61d10 fffff802`b3aab535 nt!FsRtlWorkerThread+0x4d fffff880`02f61d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f61da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800182b800 Cid 0004.0084 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d6e060 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 46 Ticks: 15741082 (2:20:12:42.453) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!FsRtlWorkerThread (0xfffff802b3bc4778) Stack Init fffff88002f68dd0 Current fffff88002f68a20 Base fffff88002f69000 Limit fffff88002f63000 Call 0 Priority 17 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f68a60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f68ba0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`02f68c60 fffff802`b3bc47c5 nt!KeRemoveQueueEx+0x26b fffff880`02f68d10 fffff802`b3aab535 nt!FsRtlWorkerThread+0x4d fffff880`02f68d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f68da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001825b00 Cid 0004.0088 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001807230 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 65 Ticks: 15741063 (2:20:12:42.156) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002f8fdd0 Current fffff88002f8f950 Base fffff88002f90000 Limit fffff88002f8a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f8f990 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f8fad0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`02f8fb90 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`02f8fc20 fffff802`b3e540f2 nt!KeWaitForMultipleObjects+0x2ce fffff880`02f8fcd0 fffff802`b3aab535 nt!EtwpLogger+0xb2 fffff880`02f8fd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f8fda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800183a040 Cid 0004.008c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001818e30 SynchronizationEvent fffffa8001818e48 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739548 Ticks: 1580 (0:00:00:24.648) Context Switch Count 403 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002f96dd0 Current fffff88002f969e0 Base fffff88002f97000 Limit fffff88002f91000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f96a20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f96b60 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02f96c20 fffff802`b3e540f2 nt!KeWaitForMultipleObjects+0x25d fffff880`02f96cd0 fffff802`b3aab535 nt!EtwpLogger+0xb2 fffff880`02f96d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f96da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001839b00 Cid 0004.0090 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001802230 SynchronizationEvent fffffa8001802248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15737922 Ticks: 3206 (0:00:00:50.013) Context Switch Count 207 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002f9ddd0 Current fffff88002f9d9e0 Base fffff88002f9e000 Limit fffff88002f98000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f9da20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f9db60 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02f9dc20 fffff802`b3e540f2 nt!KeWaitForMultipleObjects+0x25d fffff880`02f9dcd0 fffff802`b3aab535 nt!EtwpLogger+0xb2 fffff880`02f9dd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f9dda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001903b00 Cid 0004.0094 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001903230 SynchronizationEvent fffffa8001903248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15727283 Ticks: 13845 (0:00:03:35.983) Context Switch Count 60 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002fa4dd0 Current fffff88002fa49e0 Base fffff88002fa5000 Limit fffff88002f9f000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02fa4a20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02fa4b60 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02fa4c20 fffff802`b3e540f2 nt!KeWaitForMultipleObjects+0x25d fffff880`02fa4cd0 fffff802`b3aab535 nt!EtwpLogger+0xb2 fffff880`02fa4d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02fa4da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001902040 Cid 0004.0098 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80019038f0 SynchronizationEvent fffffa8001903908 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739331 Ticks: 1797 (0:00:00:28.033) Context Switch Count 119 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002fabdd0 Current fffff88002fab9e0 Base fffff88002fac000 Limit fffff88002fa6000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02faba20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02fabb60 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02fabc20 fffff802`b3e540f2 nt!KeWaitForMultipleObjects+0x25d fffff880`02fabcd0 fffff802`b3aab535 nt!EtwpLogger+0xb2 fffff880`02fabd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02fabda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800196fb00 Cid 0004.00a4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001970230 SynchronizationEvent fffffa8001970248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736073 Ticks: 5055 (0:00:01:18.858) Context Switch Count 506 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002fc0dd0 Current fffff88002fc09e0 Base fffff88002fc1000 Limit fffff88002fbb000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02fc0a20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02fc0b60 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02fc0c20 fffff802`b3e540f2 nt!KeWaitForMultipleObjects+0x25d fffff880`02fc0cd0 fffff802`b3aab535 nt!EtwpLogger+0xb2 fffff880`02fc0d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02fc0da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800196d040 Cid 0004.00a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800196e4b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15712882 Ticks: 28246 (0:00:07:20.640) Context Switch Count 130 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002fc7dd0 Current fffff88002fc7950 Base fffff88002fc8000 Limit fffff88002fc2000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02fc7990 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02fc7ad0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`02fc7b90 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`02fc7c20 fffff802`b3e540f2 nt!KeWaitForMultipleObjects+0x2ce fffff880`02fc7cd0 fffff802`b3aab535 nt!EtwpLogger+0xb2 fffff880`02fc7d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02fc7da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001810040 Cid 0004.00b0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d5fec0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0) Stack Init fffff88002fd5dd0 Current fffff88002fd5a20 Base fffff88002fd6000 Limit fffff88002fd0000 Call 0 Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02fd5a60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02fd5ba0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`02fd5c60 fffff802`b3bc49ea nt!KeRemoveQueueEx+0x26b fffff880`02fd5d10 fffff802`b3aab535 nt!IopPassiveInterruptRealtimeWorker+0x2b fffff880`02fd5d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02fd5da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80017ff800 Cid 0004.00b4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d5fec0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0) Stack Init fffff88002fdcdd0 Current fffff88002fdca20 Base fffff88002fdd000 Limit fffff88002fd7000 Call 0 Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02fdca60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02fdcba0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`02fdcc60 fffff802`b3bc49ea nt!KeRemoveQueueEx+0x26b fffff880`02fdcd10 fffff802`b3aab535 nt!IopPassiveInterruptRealtimeWorker+0x2b fffff880`02fdcd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02fdcda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80017fe040 Cid 0004.00b8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d5fec0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0) Stack Init fffff88002fe3dd0 Current fffff88002fe3a20 Base fffff88002fe4000 Limit fffff88002fde000 Call 0 Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02fe3a60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02fe3ba0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`02fe3c60 fffff802`b3bc49ea nt!KeRemoveQueueEx+0x26b fffff880`02fe3d10 fffff802`b3aab535 nt!IopPassiveInterruptRealtimeWorker+0x2b fffff880`02fe3d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02fe3da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80017feb00 Cid 0004.00bc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d5fec0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0) Stack Init fffff88002feadd0 Current fffff88002feaa20 Base fffff88002feb000 Limit fffff88002fe5000 Call 0 Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02feaa60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02feaba0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`02feac60 fffff802`b3bc49ea nt!KeRemoveQueueEx+0x26b fffff880`02fead10 fffff802`b3aab535 nt!IopPassiveInterruptRealtimeWorker+0x2b fffff880`02fead50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02feada0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001904300 Cid 0004.00c0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88001040bc0 NotificationEvent fffff88001040c00 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740203 Ticks: 925 (0:00:00:14.430) Context Switch Count 2107 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ACPI!ACPIWorkerThread (0xfffff88001006874) Stack Init fffff88002ff1dd0 Current fffff88002ff1a00 Base fffff88002ff2000 Limit fffff88002fec000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02ff1a40 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02ff1b80 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02ff1c40 fffff880`010068e8 nt!KeWaitForMultipleObjects+0x25d fffff880`02ff1cf0 fffff802`b3aab535 ACPI!ACPIWorkerThread+0x74 fffff880`02ff1d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02ff1da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80019a8b00 Cid 0004.00c8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80019a84e0 SynchronizationEvent fffffa80019a84f8 SynchronizationEvent fffffa80019a8510 SynchronizationEvent fffffa80019a8528 SynchronizationEvent fffffa80019a8540 SynchronizationEvent fffffa80019a8558 SynchronizationEvent fffffa80019a8570 SynchronizationEvent fffffa80019a8588 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15678945 Ticks: 62183 (0:00:16:10.061) Context Switch Count 22 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pci!RootPmeEventDispatcher (0xfffff8800119ef34) Stack Init fffff88003019dd0 Current fffff88003019810 Base fffff8800301a000 Limit fffff88003014000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03019850 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03019990 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`03019a50 fffff880`0119efce nt!KeWaitForMultipleObjects+0x25d fffff880`03019b00 fffff802`b3aab535 pci!RootPmeEventDispatcher+0x9a fffff880`03019d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`03019da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80019a7040 Cid 0004.00cc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001857698 SynchronizationEvent fffffa8001857680 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15678905 Ticks: 62223 (0:00:16:10.685) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ACPI!PciRootBusBiosMethodDispatcherOnResume (0xfffff8800100d654) Stack Init fffff88003020dd0 Current fffff88003020a00 Base fffff88003021000 Limit fffff8800301b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03020a40 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03020b80 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`03020c40 fffff880`0100d6a5 nt!KeWaitForMultipleObjects+0x25d fffff880`03020cf0 fffff802`b3aab535 ACPI!PciRootBusBiosMethodDispatcherOnResume+0x51 fffff880`03020d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`03020da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80024f7b00 Cid 0004.00d0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001a01770 NotificationEvent fffffa8001a01788 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 8583 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.109 Win32 Start Address WdFilter!MpAsyncpWorkerThread (0xfffff8800158e360) Stack Init fffff880030a8dd0 Current fffff880030a89d0 Base fffff880030a9000 Limit fffff880030a3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`030a8a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`030a8b50 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`030a8c10 fffff880`0158e5db nt!KeWaitForMultipleObjects+0x25d fffff880`030a8cc0 fffff802`b3aab535 WdFilter!MpAsyncpWorkerThread+0x27b fffff880`030a8d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`030a8da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80024fd040 Cid 0004.00d4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88001ce4ba0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15734738 Ticks: 6390 (0:00:01:39.684) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ndis!ndisThreadPoolTimerHandler (0xfffff88001c843e8) Stack Init fffff880030d9dd0 Current fffff880030d9a40 Base fffff880030da000 Limit fffff880030d4000 Call 0 Priority 15 BasePriority 7 UnusualBoost 8 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`030d9a80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`030d9bc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`030d9c80 fffff880`01c84407 nt!KeWaitForSingleObject+0x1cf fffff880`030d9d10 fffff802`b3aab535 ndis!ndisThreadPoolTimerHandler+0x1f fffff880`030d9d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`030d9da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80024fdb00 Cid 0004.00d8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff88001ce4b40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 96856 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.187 Win32 Start Address ndis!ndisWorkerThread (0xfffff88001c74b00) Stack Init fffff880030e0dd0 Current fffff880030e09f0 Base fffff880030e1000 Limit fffff880030db000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`030e0a30 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`030e0b70 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`030e0c30 fffff802`b3ab8209 nt!KeRemoveQueueEx+0x26b fffff880`030e0ce0 fffff880`01c74b3b nt!KeRemoveQueue+0x21 fffff880`030e0d20 fffff802`b3aab535 ndis!ndisWorkerThread+0x3b fffff880`030e0d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`030e0da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8002651b00 Cid 0004.00ec Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea1c0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736316 Ticks: 4812 (0:00:01:15.067) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff88002f4edd0 Current fffff88002f4ea40 Base fffff88002f4f000 Limit fffff88002f49000 Call 0 Priority 20 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 3 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f4ea80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f4ebc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`02f4ec80 fffff880`02192115 nt!KeWaitForSingleObject+0x1cf fffff880`02f4ed10 fffff802`b3aab535 volsnap!VspWorkerThread+0x86 fffff880`02f4ed50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f4eda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8002650040 Cid 0004.00f0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea1e0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739296 Ticks: 1832 (0:00:00:28.579) Context Switch Count 1317 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031a9dd0 Current fffff880031a9a40 Base fffff880031aa000 Limit fffff880031a4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`031a9a80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`031a9bc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`031a9c80 fffff880`02192115 nt!KeWaitForSingleObject+0x1cf fffff880`031a9d10 fffff802`b3aab535 volsnap!VspWorkerThread+0x86 fffff880`031a9d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`031a9da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8002650b00 Cid 0004.00f4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea200 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739296 Ticks: 1832 (0:00:00:28.579) Context Switch Count 2841 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.234 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031b0dd0 Current fffff880031b0a40 Base fffff880031b1000 Limit fffff880031ab000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`031b0a80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`031b0bc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`031b0c80 fffff880`02192115 nt!KeWaitForSingleObject+0x1cf fffff880`031b0d10 fffff802`b3aab535 volsnap!VspWorkerThread+0x86 fffff880`031b0d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`031b0da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80026505c0 Cid 0004.00f8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea220 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 704 Ticks: 15740424 (2:20:12:32.188) Context Switch Count 276 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031b7dd0 Current fffff880031b7a40 Base fffff880031b8000 Limit fffff880031b2000 Call 0 Priority 20 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 3 PagePriority 5 Child-SP RetAddr Call Site fffff880`031b7a80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`031b7bc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`031b7c80 fffff880`02192115 nt!KeWaitForSingleObject+0x1cf fffff880`031b7d10 fffff802`b3aab535 volsnap!VspWorkerThread+0x86 fffff880`031b7d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`031b7da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800264f040 Cid 0004.00fc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea240 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031bedd0 Current fffff880031bea40 Base fffff880031bf000 Limit fffff880031b9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`031bea80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`031bebc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`031bec80 fffff880`02192115 nt!KeWaitForSingleObject+0x1cf fffff880`031bed10 fffff802`b3aab535 volsnap!VspWorkerThread+0x86 fffff880`031bed50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`031beda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800264fb00 Cid 0004.0100 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea260 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031c5dd0 Current fffff880031c5a40 Base fffff880031c6000 Limit fffff880031c0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`031c5a80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`031c5bc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`031c5c80 fffff880`02192115 nt!KeWaitForSingleObject+0x1cf fffff880`031c5d10 fffff802`b3aab535 volsnap!VspWorkerThread+0x86 fffff880`031c5d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`031c5da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800264e040 Cid 0004.0104 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea280 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031ccdd0 Current fffff880031cca40 Base fffff880031cd000 Limit fffff880031c7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`031cca80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`031ccbc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`031ccc80 fffff880`02192115 nt!KeWaitForSingleObject+0x1cf fffff880`031ccd10 fffff802`b3aab535 volsnap!VspWorkerThread+0x86 fffff880`031ccd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`031ccda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800264eb00 Cid 0004.0108 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea2a0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031d3dd0 Current fffff880031d3a40 Base fffff880031d4000 Limit fffff880031ce000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`031d3a80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`031d3bc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`031d3c80 fffff880`02192115 nt!KeWaitForSingleObject+0x1cf fffff880`031d3d10 fffff802`b3aab535 volsnap!VspWorkerThread+0x86 fffff880`031d3d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`031d3da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800264e5c0 Cid 0004.010c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea2c0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031dadd0 Current fffff880031daa40 Base fffff880031db000 Limit fffff880031d5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`031daa80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`031dabc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`031dac80 fffff880`02192115 nt!KeWaitForSingleObject+0x1cf fffff880`031dad10 fffff802`b3aab535 volsnap!VspWorkerThread+0x86 fffff880`031dad50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`031dada0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8002c6cb00 Cid 0004.0114 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88003574520 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 14317 Ticks: 15726811 (2:20:08:59.823) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address watchdog!SMgrGdiCalloutThread (0xfffff8800356eddc) Stack Init fffff880031f7dd0 Current fffff880031f7a40 Base fffff880031f8000 Limit fffff880031f2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`031f7a80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`031f7bc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`031f7c80 fffff880`0356ee1f nt!KeWaitForSingleObject+0x1cf fffff880`031f7d10 fffff802`b3aab535 watchdog!SMgrGdiCalloutThread+0x43 fffff880`031f7d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`031f7da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8002daab00 Cid 0004.0118 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002daaea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15733059 Ticks: 8069 (0:00:02:05.877) Context Switch Count 118 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!SepRmCommandServerThread (0xfffff802b3e4fd10) Stack Init fffff88002f6fdd0 Current fffff88002f6f270 Base fffff88002f70000 Limit fffff88002f6a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`02f6f2b0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f6f3f0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`02f6f4b0 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`02f6f540 fffff802`b3ef350d nt!AlpcpReceiveMessagePort+0x380 fffff880`02f6f5b0 fffff802`b3ef334b nt!AlpcpReceiveLegacyMessage+0x11c fffff880`02f6f640 fffff802`b3ef31f3 nt!NtReplyWaitReceivePortEx+0xca fffff880`02f6f6d0 fffff802`b3b02d53 nt!NtReplyWaitReceivePort+0xf fffff880`02f6f710 fffff802`b3b07f30 nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`02f6f710) fffff880`02f6f8a8 fffff802`b3e4fd93 nt!KiServiceLinkage fffff880`02f6f8b0 fffff802`b3aab535 nt!SepRmCommandServerThread+0x83 fffff880`02f6fd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f6fda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8002dec080 Cid 0004.0150 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) UserMode Non-Alertable fffff802b3d6e560 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740122 Ticks: 1006 (0:00:00:15.693) Context Switch Count 2339 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.390 Win32 Start Address nt!CmpLazyFlushWorker (0xfffff802b3e46354) Stack Init fffff88003165dd0 Current fffff88003165a40 Base fffff88003166000 Limit fffff88003160000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03165a80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03165bc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`03165c80 fffff802`b3e46382 nt!KeWaitForSingleObject+0x1cf fffff880`03165d10 fffff802`b3aab535 nt!CmpLazyFlushWorker+0x2e fffff880`03165d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`03165da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8002e2b300 Cid 0004.015c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff88001ce4b40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 100462 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.218 Win32 Start Address ndis!ndisWorkerThread (0xfffff88001c74b00) Stack Init fffff8800305cdd0 Current fffff8800305c9f0 Base fffff8800305d000 Limit fffff88003057000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`0305ca30 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`0305cb70 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`0305cc30 fffff802`b3ab8209 nt!KeRemoveQueueEx+0x26b fffff880`0305cce0 fffff880`01c74b3b nt!KeRemoveQueue+0x21 fffff880`0305cd20 fffff802`b3aab535 ndis!ndisWorkerThread+0x3b fffff880`0305cd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`0305cda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8002e59b00 Cid 0004.0160 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88004d58460 SynchronizationEvent fffff88004d584a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 2986 Ticks: 15738142 (2:20:11:56.588) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address raspptp!MainPassiveLevelThread (0xfffff88004d4db60) Stack Init fffff88003c06dd0 Current fffff88003c06a00 Base fffff88003c07000 Limit fffff88003c01000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03c06a40 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03c06b80 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`03c06c40 fffff880`04d4dba9 nt!KeWaitForMultipleObjects+0x25d fffff880`03c06cf0 fffff802`b3aab535 raspptp!MainPassiveLevelThread+0x49 fffff880`03c06d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`03c06da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80031a4b00 Cid 0004.0164 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d200 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15737833 Ticks: 3295 (0:00:00:51.402) Context Switch Count 353 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.390 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff8800307fdd0 Current fffff8800307f9d0 Base fffff88003080000 Limit fffff8800307a000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`0307fa10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`0307fb50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`0307fc10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`0307fcc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`0307fd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`0307fda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80031c7040 Cid 0004.0170 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15707887 Ticks: 33241 (0:00:08:38.562) Context Switch Count 5887 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:05.600 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88003c2fdd0 Current fffff88003c2f9d0 Base fffff88003c30000 Limit fffff88003c2a000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03c2fa10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03c2fb50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`03c2fc10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`03c2fcc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`03c2fd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`03c2fda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80031c7b00 Cid 0004.0174 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740197 Ticks: 931 (0:00:00:14.523) Context Switch Count 4243 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:05.319 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88003c36dd0 Current fffff88003c369d0 Base fffff88003c37000 Limit fffff88003c31000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03c36a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03c36b50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`03c36c10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`03c36cc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`03c36d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`03c36da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003260040 Cid 0004.017c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800325d948 NotificationEvent fffffa800325d960 NotificationEvent fffffa800325d978 NotificationEvent fffffa800325d990 NotificationEvent fffffa800325d9a8 NotificationEvent fffffa800325d9c0 NotificationEvent fffffa800325d9d8 NotificationEvent fffffa800325d9f0 NotificationEvent fffffa800325da08 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740171 Ticks: 957 (0:00:00:14.929) Context Switch Count 243 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address bthport!HCI_ThreadFunction (0xfffff880044df418) Stack Init fffff88003071dd0 Current fffff88003071770 Base fffff88003072000 Limit fffff8800306c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`030717b0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`030718f0 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`030719b0 fffff880`044df549 nt!KeWaitForMultipleObjects+0x25d fffff880`03071a60 fffff802`b3aab535 bthport!HCI_ThreadFunction+0x131 fffff880`03071d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`03071da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800183f080 Cid 0004.01a0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8002e421e8 SynchronizationEvent fffffa8002e42240 SynchronizationEvent fffffa8002e42298 SynchronizationEvent fffffa8002e42178 SynchronizationEvent fffffa8002e42148 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15733181 Ticks: 7947 (0:00:02:03.973) Context Switch Count 25299 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address BasicRender!WARPKMADAPTER::WarpGPUWorkerThread (0xfffff880019f2860) Stack Init fffff88003c4bdd0 Current fffff88003c4abd0 Base fffff88003c4c000 Limit fffff88003c46000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03c4ac10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03c4ad50 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`03c4ae10 fffff880`019f1384 nt!KeWaitForMultipleObjects+0x25d fffff880`03c4aec0 fffff802`b3aab535 BasicRender!WARPKMADAPTER::RunGPU+0x1e7 fffff880`03c4bd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`03c4bda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800188f080 Cid 0004.01a4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80018d8948 SynchronizationEvent fffffa80018d8910 SynchronizationEvent fffffa80018d89b8 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15734591 Ticks: 6537 (0:00:01:41.977) Context Switch Count 68404 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dxgmms1!VidSchiWorkerThread (0xfffff880035bc57c) Stack Init fffff88003c5add0 Current fffff88003c5a850 Base fffff88003c5b000 Limit fffff88003c55000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03c5a890 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03c5a9d0 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`03c5aa90 fffff880`035bca0f nt!KeWaitForMultipleObjects+0x25d fffff880`03c5ab40 fffff880`03587fe5 dxgmms1!VidSchiWaitForSchedulerEvents+0x1d3 fffff880`03c5abe0 fffff880`035bc646 dxgmms1!VidSchiScheduleCommandToRun+0x289 fffff880`03c5ad10 fffff802`b3aab535 dxgmms1!VidSchiWorkerThread+0xca fffff880`03c5ad50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`03c5ada0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800188db00 Cid 0004.01a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Alertable fffff88003c3db28 SynchronizationEvent fffff88003c3db10 SynchronizationEvent fffff88003c3dae0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 65555 Ticks: 15675573 (2:19:55:40.506) Context Switch Count 45 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dxgkrnl!BLTQUEUE::BltQueueWorkerThread (0xfffff880034a21e8) Stack Init fffff88003c3ddd0 Current fffff88003c3d780 Base fffff88003c3e000 Limit fffff88003c38000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03c3d7c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03c3d900 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`03c3d9c0 fffff880`034a23bc nt!KeWaitForMultipleObjects+0x25d fffff880`03c3da70 fffff880`034a220d dxgkrnl!BLTQUEUE::BltQueueWorker+0x1a8 fffff880`03c3dd20 fffff802`b3aab535 dxgkrnl!BLTQUEUE::BltQueueWorkerThread+0x25 fffff880`03c3dd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`03c3dda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80033af900 Cid 0004.01e0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Alertable fffffa8002e8a880 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740914 Ticks: 214 (0:00:00:03.338) Context Switch Count 481 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address msrpc (0xfffff88000c9cb70) Stack Init fffff88003de6dd0 Current fffff88003de6650 Base fffff88003de7000 Limit fffff88003de1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03de6690 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03de67d0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`03de6890 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`03de6940 fffff802`b3e50a73 nt!IoRemoveIoCompletion+0x4c fffff880`03de69d0 fffff802`b3b02d53 nt!NtRemoveIoCompletionEx+0xe3 fffff880`03de6ae0 fffff802`b3b07f30 nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03de6b50) fffff880`03de6ce8 fffff880`00c9cba3 nt!KiServiceLinkage fffff880`03de6cf0 00000000`00000000 msrpc+0x1dba3 THREAD fffffa80036fb740 Cid 0004.02a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800373f0e0 NotificationEvent fffffa800373f0f8 SynchronizationEvent fffffa800373f140 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740132 Ticks: 996 (0:00:00:15.537) Context Switch Count 11275 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.187 Win32 Start Address luafv!UsnThread (0xfffff88015276f50) Stack Init fffff880150bcdd0 Current fffff880150bc8f0 Base fffff880150bd000 Limit fffff880150b7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`150bc930 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150bca70 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`150bcb30 fffff880`15277227 nt!KeWaitForMultipleObjects+0x25d fffff880`150bcbe0 fffff880`1527709e luafv!SynchronousFsControl+0x167 fffff880`150bcc80 fffff802`b3aab535 luafv!UsnThread+0x14e fffff880`150bcd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`150bcda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003048980 Cid 0004.04bc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8003048050 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 28512 Ticks: 15712616 (2:20:05:18.380) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address HTTP!UlpThreadPoolWorker (0xfffff88015b04010) Stack Init fffff88014e92dd0 Current fffff88014e929f0 Base fffff88014e93000 Limit fffff88014e8d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14e92a30 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14e92b70 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`14e92c30 fffff880`15b042d4 nt!KeWaitForSingleObject+0x1cf fffff880`14e92cc0 fffff802`b3aab535 HTTP!UlpThreadPoolWorker+0x2c8 fffff880`14e92d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`14e92da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003048440 Cid 0004.04c0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8003048ed0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 28702 Ticks: 15712426 (2:20:05:15.416) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address HTTP!UlpThreadPoolWorker (0xfffff88015b04010) Stack Init fffff88014e99dd0 Current fffff88014e999f0 Base fffff88014e9a000 Limit fffff88014e94000 Call 0 Priority 11 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14e99a30 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14e99b70 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`14e99c30 fffff880`15b042d4 nt!KeWaitForSingleObject+0x1cf fffff880`14e99cc0 fffff802`b3aab535 HTTP!UlpThreadPoolWorker+0x2c8 fffff880`14e99d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`14e99da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003050b00 Cid 0004.04c4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80017f3ee0 NotificationEvent fffffa8001845760 NotificationEvent fffff88015afb780 NotificationEvent fffff88015afb7a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15730694 Ticks: 10434 (0:00:02:42.771) Context Switch Count 75 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address HTTP!UlpScavengerThread (0xfffff88015ab8c90) Stack Init fffff88014ea0dd0 Current fffff88014ea08c0 Base fffff88014ea1000 Limit fffff88014e9b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14ea0900 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14ea0a40 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14ea0b00 fffff880`15ab8d8e nt!KeWaitForMultipleObjects+0x25d fffff880`14ea0bb0 fffff802`b3aab535 HTTP!UlpScavengerThread+0xfe fffff880`14ea0d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`14ea0da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003093b00 Cid 0004.0504 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015bc09c0 SynchronizationEvent fffff88015bc09a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15727956 Ticks: 13172 (0:00:03:25.484) Context Switch Count 65 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mpsdrv!IP6StringToAddress (0xfffff88015bb2600) Stack Init fffff88014efbdd0 Current fffff88014efb9e0 Base fffff88014efc000 Limit fffff88014ef6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14efba20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14efbb60 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14efbc20 fffff880`15bb275a nt!KeWaitForMultipleObjects+0x25d fffff880`14efbcd0 fffff802`b3aab535 mpsdrv!IP6StringToAddress+0x636 fffff880`14efbd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`14efbda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80030ad080 Cid 0004.051c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80030a1230 SynchronizationEvent fffffa80030a1248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736873 Ticks: 4255 (0:00:01:06.378) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88014f1edd0 Current fffff88014f1e9e0 Base fffff88014f1f000 Limit fffff88014f19000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14f1ea20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f1eb60 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14f1ec20 fffff802`b3e540f2 nt!KeWaitForMultipleObjects+0x25d fffff880`14f1ecd0 fffff802`b3aab535 nt!EtwpLogger+0xb2 fffff880`14f1ed50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`14f1eda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003b63040 Cid 0004.0560 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80019f29f8 SynchronizationEvent fffffa80019f2a10 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736919 Ticks: 4209 (0:00:01:05.660) Context Switch Count 169 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address Ndu!NduTokenComputeTokensWorkerRoutine (0xfffff8801534cd58) Stack Init fffff88014f87dd0 Current fffff88014f879e0 Base fffff88014f88000 Limit fffff88014f82000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14f87a20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f87b60 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14f87c20 fffff880`1534cdeb nt!KeWaitForMultipleObjects+0x25d fffff880`14f87cd0 fffff802`b3aab535 Ndu!NduTokenComputeTokensWorkerRoutine+0x93 fffff880`14f87d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`14f87da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003bc0700 Cid 0004.0624 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8003bf59f0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739618 Ticks: 1510 (0:00:00:23.556) Context Switch Count 199 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88015e1bdd0 Current fffff88015e1b950 Base fffff88015e1c000 Limit fffff88015e16000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15e1b990 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e1bad0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15e1bb90 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`15e1bc20 fffff802`b3e540f2 nt!KeWaitForMultipleObjects+0x2ce fffff880`15e1bcd0 fffff802`b3aab535 nt!EtwpLogger+0xb2 fffff880`15e1bd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`15e1bda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003df1b00 Cid 0004.06e8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015c3b5a8 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15682200 Ticks: 58928 (0:00:15:19.282) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcBackPocketThread (0xfffff88015c51630) Stack Init fffff88015ed1dd0 Current fffff88015ed1a10 Base fffff88015ed2000 Limit fffff88015ecc000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15ed1a50 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15ed1b90 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15ed1c50 fffff880`15c51681 nt!KeWaitForSingleObject+0x1cf fffff880`15ed1ce0 fffff802`b3aab535 srv2!SrvProcBackPocketThread+0x56 fffff880`15ed1d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`15ed1da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003df15c0 Cid 0004.06ec Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015c3b580 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15681641 Ticks: 59487 (0:00:15:28.003) Context Switch Count 9 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcBackPocketThread (0xfffff88015c51630) Stack Init fffff88015eb5dd0 Current fffff88015eb5a10 Base fffff88015eb6000 Limit fffff88015eb0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15eb5a50 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15eb5b90 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15eb5c50 fffff880`15c51681 nt!KeWaitForSingleObject+0x1cf fffff880`15eb5ce0 fffff802`b3aab535 srv2!SrvProcBackPocketThread+0x56 fffff880`15eb5d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`15eb5da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003defb00 Cid 0004.06f0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015c3b5d0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcBackPocketThread (0xfffff88015c51630) Stack Init fffff88015ed8dd0 Current fffff88015ed8a10 Base fffff88015ed9000 Limit fffff88015ed3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15ed8a50 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15ed8b90 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15ed8c50 fffff880`15c51681 nt!KeWaitForSingleObject+0x1cf fffff880`15ed8ce0 fffff802`b3aab535 srv2!SrvProcBackPocketThread+0x56 fffff880`15ed8d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`15ed8da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003def5c0 Cid 0004.06f4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffffa8003e38168 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcIRPThread (0xfffff88015c54a50) Stack Init fffff88015edfdd0 Current fffff88015edf9c0 Base fffff88015ee0000 Limit fffff88015eda000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15edfa00 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15edfb40 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15edfc00 fffff802`b3ab8209 nt!KeRemoveQueueEx+0x26b fffff880`15edfcb0 fffff880`15c54aa1 nt!KeRemoveQueue+0x21 fffff880`15edfcf0 fffff802`b3aab535 srv2!SrvProcIRPThread+0x51 fffff880`15edfd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`15edfda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003e6eb00 Cid 0004.0700 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e669a8 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015ef4dd0 Current fffff88015ef4970 Base fffff88015ef5000 Limit fffff88015eef000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e6e5c0 Cid 0004.0704 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e66cc8 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015efbdd0 Current fffff88015efb970 Base fffff88015efc000 Limit fffff88015ef6000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e7e040 Cid 0004.0708 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e66648 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015f02dd0 Current fffff88015f02970 Base fffff88015f03000 Limit fffff88015efd000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e7eb00 Cid 0004.070c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffff88015399c18 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015f09dd0 Current fffff88015f09970 Base fffff88015f0a000 Limit fffff88015f04000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80040a8080 Cid 0004.0858 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d10f08 NotificationEvent fffff802b3d10ec8 NotificationEvent fffff802b3d10eb0 NotificationEvent fffff802b3d11190 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740942 Ticks: 186 (0:00:00:02.901) Context Switch Count 4821 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.546 Win32 Start Address nt!PfTLoggingWorker (0xfffff802b3f605a0) Stack Init fffff8801628cdd0 Current fffff8801628c8f0 Base fffff8801628d000 Limit fffff88016287000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1628c930 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1628ca70 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1628cb30 fffff802`b3f6068f nt!KeWaitForMultipleObjects+0x25d fffff880`1628cbe0 fffff802`b3aab535 nt!PfTLoggingWorker+0xef fffff880`1628cd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`1628cda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003e14b00 Cid 0004.0924 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001a2e9a0 Semaphore Limit 0x4000 fffffa8001a2e9e8 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 14339 Ticks: 15726789 (2:20:08:59.480) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address igdkmd64!_KmFileIoDeferredFileProcessingThreadRoutine (0xfffff88003ecd5e0) Stack Init fffff880161e2dd0 Current fffff880161e24e0 Base fffff880161e3000 Limit fffff880161dd000 Call 0 Priority 7 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`161e2520 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`161e2660 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`161e2720 fffff880`03ecd6b7 nt!KeWaitForMultipleObjects+0x25d fffff880`161e27d0 fffff802`b3aab535 igdkmd64!_KmFileIoDeferredFileProcessingThreadRoutine+0xd7 fffff880`161e2d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`161e2da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003fe9b00 Cid 0004.0928 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80018a4a90 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15678938 Ticks: 62190 (0:00:16:10.170) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dxgkrnl!DpiPowerArbiterThread (0xfffff880034d2c6c) Stack Init fffff8801636cdd0 Current fffff8801636ca20 Base fffff8801636d000 Limit fffff88016367000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1636ca60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1636cba0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1636cc60 fffff880`034d2cd3 nt!KeWaitForSingleObject+0x1cf fffff880`1636ccf0 fffff802`b3aab535 dxgkrnl!DpiPowerArbiterThread+0x67 fffff880`1636cd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`1636cda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80018b6b00 Cid 0004.094c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001899948 SynchronizationEvent fffffa8001899910 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 52310 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:02.152 Win32 Start Address dxgmms1!VidSchiWorkerThread (0xfffff880035bc57c) Stack Init fffff8801638fdd0 Current fffff8801638f850 Base fffff88016390000 Limit fffff8801638a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1638f890 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1638f9d0 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1638fa90 fffff880`035bca0f nt!KeWaitForMultipleObjects+0x25d fffff880`1638fb40 fffff880`03587fe5 dxgmms1!VidSchiWaitForSchedulerEvents+0x1d3 fffff880`1638fbe0 fffff880`035bc646 dxgmms1!VidSchiScheduleCommandToRun+0x289 fffff880`1638fd10 fffff802`b3aab535 dxgmms1!VidSchiWorkerThread+0xca fffff880`1638fd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`1638fda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800416db00 Cid 0004.0c1c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d1b0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 1166 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff8801722cdd0 Current fffff8801722c9d0 Base fffff8801722d000 Limit fffff88017227000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1722ca10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1722cb50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1722cc10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`1722ccc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`1722cd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`1722cda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001f1eb00 Cid 0004.0fb4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736574 Ticks: 4554 (0:00:01:11.042) Context Switch Count 12894 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.358 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88014f95dd0 Current fffff88014f959d0 Base fffff88014f96000 Limit fffff88014f90000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14f95a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f95b50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14f95c10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`14f95cc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`14f95d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`14f95da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800406ea40 Cid 0004.0f88 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d160 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741089 Ticks: 39 (0:00:00:00.608) Context Switch Count 1547 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff8801754fdd0 Current fffff8801754f9d0 Base fffff88017550000 Limit fffff8801754a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1754fa10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1754fb50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1754fc10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`1754fcc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`1754fd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`1754fda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003fb7040 Cid 0004.0f8c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15734339 Ticks: 6789 (0:00:01:45.909) Context Switch Count 18574 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:04.461 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f33dd0 Current fffff88015f339d0 Base fffff88015f34000 Limit fffff88015f2e000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15f33a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15f33b50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15f33c10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`15f33cc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`15f33d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`15f33da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001e8a3c0 Cid 0004.0d54 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 1236 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:02.137 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f3add0 Current fffff88015f3a9d0 Base fffff88015f3b000 Limit fffff88015f35000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15f3aa10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15f3ab50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15f3ac10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`15f3acc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`15f3ad50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`15f3ada0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001da2380 Cid 0004.0f28 Teb: 0000000000000000 Win32Thread: 0000000000000000 READY on processor 1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 2738 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:06.427 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f41dd0 Current fffff88015f419d0 Base fffff88015f42000 Limit fffff88015f3c000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15f41a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15f41b50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15f41c10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`15f41cc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`15f41d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`15f41da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8003da1b00 Cid 0004.0eb0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741099 Ticks: 29 (0:00:00:00.452) Context Switch Count 8016 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.358 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f87dd0 Current fffff88015f879d0 Base fffff88015f88000 Limit fffff88015f82000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15f87a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15f87b50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15f87c10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`15f87cc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`15f87d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`15f87da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80037195c0 Cid 0004.0eb8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 724 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:02.137 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016014dd0 Current fffff880160149d0 Base fffff88016015000 Limit fffff8801600f000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`16014a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16014b50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`16014c10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`16014cc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`16014d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`16014da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8002353b00 Cid 0004.0f1c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15720041 Ticks: 21087 (0:00:05:28.959) Context Switch Count 2281 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.062 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016030dd0 Current fffff880160309d0 Base fffff88016031000 Limit fffff8801602b000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`16030a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16030b50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`16030c10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`16030cc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`16030d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`16030da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8002128840 Cid 0004.0ef8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736573 Ticks: 4555 (0:00:01:11.058) Context Switch Count 454 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016037dd0 Current fffff880160379d0 Base fffff88016038000 Limit fffff88016032000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`16037a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16037b50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`16037c10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`16037cc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`16037d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`16037da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800236cb00 Cid 0004.0ebc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800183bbc5 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15733088 Ticks: 8040 (0:00:02:05.424) Context Switch Count 24255 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:03.026 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016076dd0 Current fffff880160761a0 Base fffff88016077000 Limit fffff88016071000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`160761e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16076320 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`160763e0 fffffa80`01b883d3 nt!KeWaitForSingleObject+0x1cf fffff880`16076470 fffffa80`0183bbc5 0xfffffa80`01b883d3 fffff880`16076478 00000000`00000000 0xfffffa80`0183bbc5 THREAD fffffa8002376b00 Cid 0004.0d8c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015) Context Switch Count 18608 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.452 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff880160a0dd0 Current fffff880160a09d0 Base fffff880160a1000 Limit fffff8801609b000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`160a0a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`160a0b50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`160a0c10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`160a0cc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`160a0d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`160a0da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001ee6b00 Cid 0004.0f64 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15718535 Ticks: 22593 (0:00:05:52.453) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff880173e9dd0 Current fffff880173e99d0 Base fffff880173ea000 Limit fffff880173e4000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`173e9a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`173e9b50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`173e9c10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`173e9cc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`173e9d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`173e9da0 00000000`00000000 nt!KiStartSystemThread+0x16 PROCESS fffffa8002d78500 SessionId: none Cid: 011c Peb: 7f6a68af000 ParentCid: 0004 DirBase: 06696000 ObjectTable: fffff8a000b3b840 HandleCount: Image: smss.exe VadRoot fffffa8002ccfaf0 Vads 15 Clone 0 Private 67. Modified 46. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a000b3e040 ElapsedTime 2 Days 20:12:14.852 UserTime 00:00:00.000 KernelTime 00:00:00.046 QuotaPoolUsage[PagedPool] 12368 QuotaPoolUsage[NonPagedPool] 2576 Working Set Sizes (now,min,max) (210, 50, 345) (840KB, 200KB, 1380KB) PeakWorkingSetSize 236 VirtualSize 4 Mb PeakVirtualSize 23 Mb PageFaultCount 562 MemoryPriority BACKGROUND BasePriority 11 CommitCharge 80 Setting context for this process... .process /p /r fffffa8002d78500 THREAD fffffa8002dd1b00 Cid 011c.0120 Teb: 000007f6a68ad000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002e6b1c0 ProcessObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d78500 Image: smss.exe Attached Process N/A Image: N/A Wait Start TickCount 4944 Ticks: 15736184 (2:20:11:26.043) Context Switch Count 548 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.436 Win32 Start Address smss!NtProcessStartupW (0x000007f6a6b5bf10) Stack Init fffff88003001dd0 Current fffff880030010f0 Base fffff88003002000 Limit fffff88002ffc000 Call 0 Priority 13 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800209c440 Cid 011c.0ff0 Teb: 000007f6a68ab000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002db4d00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d78500 Image: smss.exe Attached Process N/A Image: N/A Wait Start TickCount 65560 Ticks: 15675568 (2:19:55:40.428) Context Switch Count 30 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880165f1dd0 Current fffff880165f1760 Base fffff880165f2000 Limit fffff880165ec000 Call 0 Priority 11 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`165f17a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165f18e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`165f19a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`165f1a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`165f1ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`165f1c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165f1c40) 000000cf`0bfaf578 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000cf`0bfaf580 000007fe`f7f19d66 ntdll!TppWorkerThread+0x275 000000cf`0bfaf820 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa8001d37700 Cid 011c.0d18 Teb: 000007f6a68a7000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002db4d00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d78500 Image: smss.exe Attached Process N/A Image: N/A Wait Start TickCount 65560 Ticks: 15675568 (2:19:55:40.428) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003035dd0 Current fffff88003035760 Base fffff88003036000 Limit fffff88003030000 Call 0 Priority 11 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`030357a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`030358e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`030359a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`03035a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`03035ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03035c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03035c40) 000000cf`0c0af7a8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000cf`0c0af7b0 000007fe`f7f19d66 ntdll!TppWorkerThread+0x275 000000cf`0c0afa50 00000000`00000000 ntdll!RtlUserThreadStart+0x25 PROCESS fffffa8002e6b1c0 SessionId: 0 Cid: 0190 Peb: 7f7688e8000 ParentCid: 0188 DirBase: 114d5000 ObjectTable: fffff8a001c6c680 HandleCount: Image: csrss.exe VadRoot fffffa80037bb420 Vads 87 Clone 0 Private 323. Modified 348. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a001c6ca80 ElapsedTime 2 Days 20:11:51.905 UserTime 00:00:00.015 KernelTime 00:00:01.372 QuotaPoolUsage[PagedPool] 119768 QuotaPoolUsage[NonPagedPool] 11280 Working Set Sizes (now,min,max) (3840, 50, 345) (15360KB, 200KB, 1380KB) PeakWorkingSetSize 9500 VirtualSize 43 Mb PeakVirtualSize 49 Mb PageFaultCount 92593 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 349 Setting context for this process... .process /p /r fffffa8002e6b1c0 THREAD fffffa80032b0600 Cid 0190.01ac Teb: 000007f7688ec000 Win32Thread: fffff901006ddb90 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa80032b09a8 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a0023e4b90 : queued at port fffffa8003781330 : owned by process fffffa8003740540 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!TerminalServerRequestThread (0x000007fef4e21cb0) Stack Init fffff88003dacdd0 Current fffff88003dac660 Base fffff88003dad000 Limit fffff88003da7000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03dac6a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03dac7e0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`03dac8a0 fffff802`b3af1a0a nt!KeWaitForSingleObject+0x1cf fffff880`03dac930 fffff802`b3ebbbd6 nt!AlpcpSignalAndWait+0x34a fffff880`03dac9e0 fffff802`b3ebb762 nt!AlpcpReceiveSynchronousReply+0x46 fffff880`03daca40 fffff802`b3ec19c2 nt!AlpcpProcessSynchronousRequest+0x350 fffff880`03dacb20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0x172 fffff880`03dacbd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dacc40) 00000016`85bdfa38 000007fe`f4e21f7e ntdll!NtAlpcSendWaitReceivePort+0xa 00000016`85bdfa40 000007fe`f7f19d66 winsrv!TerminalServerRequestThread+0x2d1 00000016`85bdfba0 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa8002e6a940 Cid 0190.01b0 Teb: 000007f7688ea000 Win32Thread: fffff901006c1b90 WAIT: (UserRequest) UserMode Alertable fffffa800279a6c0 SynchronizationEvent fffffa80031b6be0 SynchronizationEvent fffffa8002e4b7a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!NotificationThread (0x000007fef4e21630) Stack Init fffff88003dbadd0 Current fffff88003dba180 Base fffff88003dbb000 Limit fffff88003db5000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03dba1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03dba300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`03dba3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`03dba470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`03dba980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`03dbabd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dbac40) 00000016`85c1fb68 000007fe`f4e217da ntdll!NtWaitForMultipleObjects+0xa 00000016`85c1fb70 000007fe`f7f19d66 winsrv!NotificationThread+0x1ab 00000016`85c1fe70 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa80019ccb00 Cid 0190.01b4 Teb: 000007f7688e6000 Win32Thread: fffff901000c4b90 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80019ccea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740979 Ticks: 149 (0:00:00:02.324) Context Switch Count 1385 IdealProcessor: 0 UserTime 00:00:00.140 KernelTime 00:00:00.078 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff88003db3dd0 Current fffff88003db3750 Base fffff88003db4000 Limit fffff88003dae000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03db3790 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03db38d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`03db3990 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`03db3a20 fffff802`b3eb9bd4 nt!AlpcpReceiveMessagePort+0x380 fffff880`03db3a90 fffff802`b3ec1949 nt!AlpcpReceiveMessage+0x2e2 fffff880`03db3b20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`03db3bd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03db3c40) 00000016`85c5f4c8 000007fe`f4e84b91 ntdll!NtAlpcSendWaitReceivePort+0xa 00000016`85c5f4d0 000007fe`f7f19d66 CSRSRV!CsrApiRequestThread+0x155 00000016`85c5f7e0 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa8002e8cb00 Cid 0190.01b8 Teb: 000007f7688e4000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002e8cea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address CSRSRV!CsrSbApiRequestThread (0x000007fef4e83d10) Stack Init fffff88003dc1dd0 Current fffff88003dc17a0 Base fffff88003dc2000 Limit fffff88003dbc000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03dc17e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03dc1920 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`03dc19e0 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`03dc1a70 fffff802`b3ef350d nt!AlpcpReceiveMessagePort+0x380 fffff880`03dc1ae0 fffff802`b3ef334b nt!AlpcpReceiveLegacyMessage+0x11c fffff880`03dc1b70 fffff802`b3ef31f3 nt!NtReplyWaitReceivePortEx+0xca fffff880`03dc1c00 fffff802`b3b02d53 nt!NtReplyWaitReceivePort+0xf fffff880`03dc1c40 000007fe`f7ec2c9a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dc1c40) 00000016`85c9f6a8 000007fe`f4e83d5d ntdll!NtReplyWaitReceivePort+0xa 00000016`85c9f6b0 000007fe`f7f19d66 CSRSRV!CsrSbApiRequestThread+0x4d 00000016`85c9f840 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa8002ecc9c0 Cid 0190.01d8 Teb: 000007f7688ee000 Win32Thread: fffff901001a5450 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002eccd68 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740979 Ticks: 149 (0:00:00:02.324) Context Switch Count 1291 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.046 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff88003dd1dd0 Current fffff88003dd1750 Base fffff88003dd2000 Limit fffff88003dcc000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03dd1790 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03dd18d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`03dd1990 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`03dd1a20 fffff802`b3eb9bd4 nt!AlpcpReceiveMessagePort+0x380 fffff880`03dd1a90 fffff802`b3ec1949 nt!AlpcpReceiveMessage+0x2e2 fffff880`03dd1b20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`03dd1bd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dd1c40) 00000016`8612f488 000007fe`f4e84b91 ntdll!NtAlpcSendWaitReceivePort+0xa 00000016`8612f490 000007fe`f7f19d66 CSRSRV!CsrApiRequestThread+0x155 00000016`8612f7a0 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa800368ab00 Cid 0190.0210 Teb: 000007f7687be000 Win32Thread: fffff901001a3b90 WAIT: (WrUserRequest) KernelMode Alertable fffffa800367bb50 SynchronizationEvent fffffa800367b970 NotificationTimer fffffa800367b920 SynchronizationTimer fffff802b3d20c20 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 307 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff88003deddd0 Current fffff88003ded810 Base fffff88003dee000 Limit fffff88003de8000 Call 0 Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03ded850 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03ded990 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`03deda50 fffff960`00152571 nt!KeWaitForMultipleObjects+0x25d fffff880`03dedb00 fffff960`001902d0 win32k!RawInputThread+0x695 fffff880`03dedbe0 fffff960`001376ff win32k!xxxCreateSystemThreads+0x48 fffff880`03dedc10 fffff802`b3b02d53 win32k!NtUserCallNoParam+0x17f fffff880`03dedc40 000007fe`f4e2180a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dedc40) 00000016`8616fea8 000007fe`f4e22be9 winsrv!NtUserCallNoParam+0xa 00000016`8616feb0 000007fe`f7f19d66 winsrv!StartCreateSystemThreads+0x19 00000016`8616fee0 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa800367fb00 Cid 0190.0214 Teb: 000007f7687bc000 Win32Thread: fffff901001a3610 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa800367b8f0 SynchronizationEvent fffffa8002eec1f0 SynchronizationEvent fffffa80036828e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 38 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff8801501bdd0 Current fffff8801501b7e0 Base fffff8801501c000 Limit fffff88015016000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1501b820 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1501b960 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1501ba20 fffff960`000f6d4b nt!KeWaitForMultipleObjects+0x25d fffff880`1501bad0 fffff960`000f6fe6 win32k!xxxDesktopThreadWaiter+0x107 fffff880`1501bb50 fffff960`001902e0 win32k!xxxDesktopThread+0x1e6 fffff880`1501bbe0 fffff960`001376ff win32k!xxxCreateSystemThreads+0x58 fffff880`1501bc10 fffff802`b3b02d53 win32k!NtUserCallNoParam+0x17f fffff880`1501bc40 000007fe`f4e2180a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1501bc40) 00000016`861af898 000007fe`f4e22be9 winsrv!NtUserCallNoParam+0xa 00000016`861af8a0 000007fe`f7f19d66 winsrv!StartCreateSystemThreads+0x19 00000016`861af8d0 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa8003799b00 Cid 0190.02f8 Teb: 000007f7687ba000 Win32Thread: fffff901000bb580 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80037999f0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff8801512cdd0 Current fffff8801512c750 Base fffff8801512d000 Limit fffff88015127000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1512c790 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1512c8d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1512c990 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`1512ca20 fffff960`000f6d4b nt!KeWaitForMultipleObjects+0x2ce fffff880`1512cad0 fffff960`000f6fe6 win32k!xxxDesktopThreadWaiter+0x107 fffff880`1512cb50 fffff960`001902e0 win32k!xxxDesktopThread+0x1e6 fffff880`1512cbe0 fffff960`001376ff win32k!xxxCreateSystemThreads+0x58 fffff880`1512cc10 fffff802`b3b02d53 win32k!NtUserCallNoParam+0x17f fffff880`1512cc40 000007fe`f4e2180a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1512cc40) 00000016`8772f988 000007fe`f4e22be9 winsrv!NtUserCallNoParam+0xa 00000016`8772f990 000007fe`f7f19d66 winsrv!StartCreateSystemThreads+0x19 00000016`8772f9c0 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa8001eec080 Cid 0190.0258 Teb: 000007f7687b4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dbd180 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016373dd0 Current fffff88016373760 Base fffff88016374000 Limit fffff8801636e000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`163737a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`163738e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`163739a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16373a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`16373ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16373c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16373c40) 00000016`87c7fc48 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000016`87c7fc50 000007fe`f7f19d66 ntdll!TppWorkerThread+0x275 00000016`87c7fef0 00000000`00000000 ntdll!RtlUserThreadStart+0x25 PROCESS fffffa8002e7b940 SessionId: 0 Cid: 01c4 Peb: 7f6f01fc000 ParentCid: 0188 DirBase: 2449b000 ObjectTable: fffff8a00156ed80 HandleCount: Image: wininit.exe VadRoot fffffa8002d8f2f0 Vads 42 Clone 0 Private 175. Modified 121. Locked 2. DeviceMap fffff8a00000c340 Token fffff8a00156d610 ElapsedTime 2 Days 20:11:36.367 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 97312 QuotaPoolUsage[NonPagedPool] 8128 Working Set Sizes (now,min,max) (942, 50, 345) (3768KB, 200KB, 1380KB) PeakWorkingSetSize 1006 VirtualSize 40 Mb PeakVirtualSize 43 Mb PageFaultCount 1558 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 255 Setting context for this process... .process /p /r fffffa8002e7b940 THREAD fffffa8002e8b5c0 Cid 01c4.01c8 Teb: 000007f6f01fe000 Win32Thread: fffff901000d4820 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003686d60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e7b940 Image: wininit.exe Attached Process N/A Image: N/A Wait Start TickCount 7115 Ticks: 15734013 (2:20:10:52.175) Context Switch Count 2948 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.358 Win32 Start Address wininit!WinMainCRTStartup (0x000007f6f0915c8c) Stack Init fffff88003c68dd0 Current fffff88003c68900 Base fffff88003c69000 Limit fffff88003c63000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80041acb00 Cid 01c4.0e20 Teb: 000007f6f01fa000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002e6bd40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e7b940 Image: wininit.exe Attached Process N/A Image: N/A Wait Start TickCount 65543 Ticks: 15675585 (2:19:55:40.693) Context Switch Count 43 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015f6bdd0 Current fffff88015f6b760 Base fffff88015f6c000 Limit fffff88015f66000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15f6b7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15f6b8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15f6b9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15f6ba50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15f6bae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15f6bc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f6bc40) 000000e7`16caf8d8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000e7`16caf8e0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000e7`16cafb80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000e7`16cafbb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa80033c3080 SessionId: 0 Cid: 0220 Peb: 7f75ab5d000 ParentCid: 01c4 DirBase: 2e23b000 ObjectTable: fffff8a0016a32c0 HandleCount: Image: services.exe VadRoot fffffa800373e230 Vads 66 Clone 0 Private 819. Modified 718. Locked 2. DeviceMap fffff8a00000c340 Token fffff8a0016a8060 ElapsedTime 2 Days 20:11:16.711 UserTime 00:00:00.327 KernelTime 00:00:01.326 QuotaPoolUsage[PagedPool] 93456 QuotaPoolUsage[NonPagedPool] 11424 Working Set Sizes (now,min,max) (1728, 50, 345) (6912KB, 200KB, 1380KB) PeakWorkingSetSize 2755 VirtualSize 31 Mb PeakVirtualSize 46 Mb PageFaultCount 6611 MemoryPriority BACKGROUND BasePriority 9 CommitCharge 1007 Setting context for this process... .process /p /r fffffa80033c3080 THREAD fffffa800372cb00 Cid 0220.0278 Teb: 000007f75ab53000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e1e760 SynchronizationEvent fffffa8003715800 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15736073 Ticks: 5055 (0:00:01:18.858) Context Switch Count 681 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address UBPM!UbpmpConsumeEvents (0x000007fef493cb10) Stack Init fffff8801507ddd0 Current fffff8801507d180 Base fffff8801507e000 Limit fffff88015078000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1507d1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1507d300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1507d3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1507d470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1507d980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1507dbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1507dc40) 00000069`8401f708 000007fe`f4fefaa7 ntdll!NtWaitForMultipleObjects+0xa 00000069`8401f710 000007fe`f502e61b KERNELBASE!EtwpProcessRealTimeTraces+0x73 00000069`8401f770 000007fe`f493cba0 KERNELBASE!ProcessTrace+0x1bf 00000069`8401fa20 000007fe`f601167e UBPM!UbpmpConsumeEvents+0x90 00000069`8401fa70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000069`8401faa0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003746640 Cid 0220.02a4 Teb: 000007f75aa2a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003743080 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 12509 Ticks: 15728619 (2:20:09:28.028) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150cadd0 Current fffff880150ca760 Base fffff880150cb000 Limit fffff880150c5000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cc5b00 Cid 0220.0ab4 Teb: 000007f75aa2e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80038142e0 NotificationEvent fffffa8002cf71c0 ProcessObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15680792 Ticks: 60336 (0:00:15:41.247) Context Switch Count 157 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f09dd0 Current fffff88014f09180 Base fffff88014f0a000 Limit fffff88014f04000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14f091c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f09300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14f093c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14f09470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14f09980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14f09bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f09c40) 00000069`8409f608 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000069`8409f610 000007fe`f492818a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000069`8409f8f0 000007fe`f4921098 UBPM!UbpmpConsumeHostCommandActionCallback+0x7a 00000069`8409f960 000007fe`f7ecd893 UBPM!UbpmUtilsWorkCallback+0x28 00000069`8409f990 000007fe`f7ec8842 ntdll!TppWorkpExecuteCallback+0x103 00000069`8409fae0 000007fe`f601167e ntdll!TppWorkerThread+0x604 00000069`8409fd80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000069`8409fdb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001cfdb00 Cid 0220.0284 Teb: 000007f75ab59000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800371d980 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 294 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880165c9dd0 Current fffff880165c9760 Base fffff880165ca000 Limit fffff880165c4000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`165c97a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165c98e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`165c99a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`165c9a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`165c9ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`165c9c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165c9c40) 00000069`83e9fa98 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000069`83e9faa0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000069`83e9fd40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000069`83e9fd70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002669080 Cid 0220.07cc Teb: 000007f75aa24000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800370d800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15738591 Ticks: 2537 (0:00:00:39.577) Context Switch Count 63 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017053dd0 Current fffff88017053760 Base fffff88017054000 Limit fffff8801704e000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`170537a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170538e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`170539a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17053a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17053ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17053c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17053c40) 00000069`8440f568 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000069`8440f570 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000069`8440f810 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000069`8440f840 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002664b00 Cid 0220.097c Teb: 000007f75ab5e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800371d980 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 53 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164e9dd0 Current fffff880164e9760 Base fffff880164ea000 Limit fffff880164e4000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`164e97a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`164e98e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`164e99a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`164e9a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`164e9ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`164e9c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164e9c40) 00000069`8376fb18 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000069`8376fb20 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000069`8376fdc0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000069`8376fdf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d2c700 Cid 0220.0ca4 Teb: 000007f75ab5b000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800371d980 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15733062 Ticks: 8066 (0:00:02:05.830) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164f2dd0 Current fffff880164f2760 Base fffff880164f3000 Limit fffff880164ed000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`164f27a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`164f28e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`164f29a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`164f2a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`164f2ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`164f2c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164f2c40) 00000069`83e1f8c8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000069`83e1f8d0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000069`83e1fb70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000069`83e1fba0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018f5b00 Cid 0220.05f0 Teb: 000007f75aa28000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800370d800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15736073 Ticks: 5055 (0:00:01:18.858) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164e1dd0 Current fffff880164e1760 Base fffff880164e2000 Limit fffff880164dc000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`164e17a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`164e18e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`164e19a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`164e1a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`164e1ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`164e1c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164e1c40) 00000069`8430f978 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000069`8430f980 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000069`8430fc20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000069`8430fc50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8003694940 SessionId: 0 Cid: 0228 Peb: 7f6f354f000 ParentCid: 01c4 DirBase: 2e64e000 ObjectTable: fffff8a0016aca40 HandleCount: Image: lsass.exe VadRoot fffffa800365b990 Vads 109 Clone 0 Private 892. Modified 1044. Locked 2. DeviceMap fffff8a00000c340 Token fffff8a0016c6860 ElapsedTime 2 Days 20:11:15.588 UserTime 00:00:00.546 KernelTime 00:00:01.372 QuotaPoolUsage[PagedPool] 100688 QuotaPoolUsage[NonPagedPool] 24352 Working Set Sizes (now,min,max) (2680, 50, 345) (10720KB, 200KB, 1380KB) PeakWorkingSetSize 2731 VirtualSize 36 Mb PeakVirtualSize 38 Mb PageFaultCount 5181 MemoryPriority BACKGROUND BasePriority 9 CommitCharge 1107 Setting context for this process... .process /p /r fffffa8003694940 THREAD fffffa8003672080 Cid 0228.0230 Teb: 000007f6f354b000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8003672428 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15680668 Ticks: 60460 (0:00:15:43.182) Context Switch Count 102 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address lsass!LsapRmServerThread (0x000007f6f3891040) Stack Init fffff88015029dd0 Current fffff880150297a0 Base fffff8801502a000 Limit fffff88015024000 Call 0 Priority 10 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`150297e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15029920 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`150299e0 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`15029a70 fffff802`b3ef350d nt!AlpcpReceiveMessagePort+0x380 fffff880`15029ae0 fffff802`b3ef334b nt!AlpcpReceiveLegacyMessage+0x11c fffff880`15029b70 fffff802`b3ef31f3 nt!NtReplyWaitReceivePortEx+0xca fffff880`15029c00 fffff802`b3b02d53 nt!NtReplyWaitReceivePort+0xf fffff880`15029c40 000007fe`f7ec2c9a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15029c40) 00000022`79b7f868 000007f6`f389109b ntdll!NtReplyWaitReceivePort+0xa 00000022`79b7f870 000007fe`f601167e lsass!LsapRmServerThread+0x5b 00000022`79b7fcb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`79b7fce0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800369cb00 Cid 0228.0234 Teb: 000007f6f3549000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800368c4c0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15692050 Ticks: 49078 (0:00:12:45.621) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address lsasrv!ServiceDispatcherThread (0x000007fef4aa3990) Stack Init fffff8801504cdd0 Current fffff8801504c900 Base fffff8801504d000 Limit fffff88015047000 Call 0 Priority 10 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1504c940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1504ca80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1504cb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`1504cbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`1504cc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1504cc40) 00000022`79bff4e8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000022`79bff4f0 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 00000022`79bff590 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 00000022`79bff6d0 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 00000022`79bff7d0 000007fe`f4aa39f5 sechost!StartServiceCtrlDispatcherW+0x54 00000022`79bff810 000007fe`f601167e lsasrv!ServiceDispatcherThread+0x65 00000022`79bff840 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`79bff870 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80036f4700 Cid 0228.023c Teb: 000007f6f3545000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15731618 Ticks: 9510 (0:00:02:28.356) Context Switch Count 25 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801505add0 Current fffff8801505a760 Base fffff8801505b000 Limit fffff88015055000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1505a7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1505a8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1505a9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1505aa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1505aae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1505ac40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1505ac40) 00000022`79d5fca8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000022`79d5fcb0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000022`79d5ff50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`79d5ff80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001f8a080 Cid 0228.0be4 Teb: 000007f6f354d000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject IRP List: fffffa800274cc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15739847 Ticks: 1281 (0:00:00:19.983) Context Switch Count 4108 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.218 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801708bdd0 Current fffff8801708b760 Base fffff8801708c000 Limit fffff88017086000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1708b7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1708b8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1708b9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1708ba50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1708bae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1708bc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1708bc40) 00000022`798dfca8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000022`798dfcb0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000022`798dff50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`798dff80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001fa3080 Cid 0228.0c94 Teb: 000007f6f3547000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject IRP List: fffffa800404d990: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 4649 IdealProcessor: 0 UserTime 00:00:00.124 KernelTime 00:00:00.124 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e68dd0 Current fffff88014e68760 Base fffff88014e69000 Limit fffff88014e63000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14e687a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14e688e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14e689a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14e68a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`14e68ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14e68c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e68c40) 00000022`79cdfb88 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000022`79cdfb90 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000022`79cdfe30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`79cdfe60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001cc6080 Cid 0228.0b64 Teb: 000007f6f341e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15739107 Ticks: 2021 (0:00:00:31.527) Context Switch Count 650 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014edfdd0 Current fffff88014edf760 Base fffff88014ee0000 Limit fffff88014eda000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14edf7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14edf8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14edf9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14edfa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`14edfae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14edfc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14edfc40) 00000022`7a13f918 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000022`7a13f920 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000022`7a13fbc0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7a13fbf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d4fb00 Cid 0228.0b8c Teb: 000007f6f341c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017092dd0 Current fffff88017092760 Base fffff88017093000 Limit fffff8801708d000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`170927a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170928e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`170929a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17092a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17092ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17092c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17092c40) 00000022`7a22f558 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000022`7a22f560 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000022`7a22f800 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7a22f830 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8003740540 SessionId: 0 Cid: 0288 Peb: 7f6fb59b000 ParentCid: 0220 DirBase: 30729000 ObjectTable: fffff8a0023607c0 HandleCount: Image: svchost.exe VadRoot fffffa800371ad60 Vads 95 Clone 0 Private 474. Modified 263. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a0023a0060 ElapsedTime 2 Days 20:10:57.445 UserTime 00:00:00.140 KernelTime 00:00:00.296 QuotaPoolUsage[PagedPool] 119744 QuotaPoolUsage[NonPagedPool] 13600 Working Set Sizes (now,min,max) (2130, 50, 345) (8520KB, 200KB, 1380KB) PeakWorkingSetSize 2168 VirtualSize 38 Mb PeakVirtualSize 59 Mb PageFaultCount 3201 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 702 Setting context for this process... .process /p /r fffffa8003740540 THREAD fffffa800373db00 Cid 0288.028c Teb: 000007f6fb59e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800373eb60 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680787 Ticks: 60341 (0:00:15:41.325) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880150a7dd0 Current fffff880150a7900 Base fffff880150a8000 Limit fffff880150a2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`150a7940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150a7a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`150a7b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`150a7bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`150a7c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150a7c40) 000000f7`c7cbf7a8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 000000f7`c7cbf7b0 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 000000f7`c7cbf850 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 000000f7`c7cbf990 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 000000f7`c7cbfa90 000007f6`fb7a2187 sechost!StartServiceCtrlDispatcherW+0x54 000000f7`c7cbfad0 000007f6`fb7a2742 svchost!wmain+0x269 000000f7`c7cbfb20 000007fe`f601167e svchost!_wmainCRTStartup+0x74 000000f7`c7cbfb50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f7`c7cbfb80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800373b8c0 Cid 0288.0290 Teb: 000007f6fb59c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003784180 SynchronizationEvent fffffa80037795d0 SynchronizationEvent fffffa8003779bc0 SynchronizationEvent fffffa8003780940 SynchronizationEvent fffffa800325fd00 SynchronizationEvent fffffa8003779750 SynchronizationEvent fffffa80037796d0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 65556 Ticks: 15675572 (2:19:55:40.490) Context Switch Count 59 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150aedd0 Current fffff880150ae180 Base fffff880150af000 Limit fffff880150a9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`150ae1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150ae300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`150ae3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`150ae470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`150ae980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`150aebd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150aec40) 000000f7`c7e0f608 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f7`c7e0f610 000007fe`f3e83908 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f7`c7e0f8f0 000007fe`f7ecd893 lsm!CPolicyMonitor::PolicyMonitorWorker+0x229 000000f7`c7e0f950 000007fe`f7ec8842 ntdll!TppWorkpExecuteCallback+0x103 000000f7`c7e0faa0 000007fe`f601167e ntdll!TppWorkerThread+0x604 000000f7`c7e0fd40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f7`c7e0fd70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800375e8c0 Cid 0288.02c4 Teb: 000007f6fb593000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003762540 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 7531 Ticks: 15733597 (2:20:10:45.686) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150fbdd0 Current fffff880150fb760 Base fffff880150fc000 Limit fffff880150f6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800375d940 Cid 0288.02cc Teb: 000007f6fb597000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037593c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 20982 Ticks: 15720146 (2:20:07:15.849) Context Switch Count 112 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150d1dd0 Current fffff880150d1760 Base fffff880150d2000 Limit fffff880150cc000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003719b00 Cid 0288.019c Teb: 000007f6fb466000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800373ea80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738529 Ticks: 2599 (0:00:00:40.544) Context Switch Count 1059 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016454dd0 Current fffff88016454760 Base fffff88016455000 Limit fffff8801644f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`164547a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`164548e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`164549a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16454a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`16454ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16454c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16454c40) 000000f7`c8e5f768 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f7`c8e5f770 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f7`c8e5fa10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f7`c8e5fa40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020bc940 Cid 0288.0048 Teb: 000007f6fb595000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800373ea80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738529 Ticks: 2599 (0:00:00:40.544) Context Switch Count 1060 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801644ddd0 Current fffff8801644d760 Base fffff8801644e000 Limit fffff88016448000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1644d7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1644d8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1644d9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1644da50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1644dae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1644dc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1644dc40) 000000f7`c856f878 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f7`c856f880 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f7`c856fb20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f7`c856fb50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001ec1b00 Cid 0288.0f04 Teb: 000007f6fb599000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800373ea80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740464 Ticks: 664 (0:00:00:10.358) Context Switch Count 230 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880151e2dd0 Current fffff880151e2760 Base fffff880151e3000 Limit fffff880151dd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`151e27a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`151e28e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`151e29a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`151e2a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`151e2ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`151e2c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151e2c40) 000000f7`c7f8f838 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f7`c7f8f840 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f7`c7f8fae0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f7`c7f8fb10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001dfc900 Cid 0288.0d40 Teb: 000007f6fb464000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003fe3c80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15735451 Ticks: 5677 (0:00:01:28.561) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017492dd0 Current fffff88017492760 Base fffff88017493000 Limit fffff8801748d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`174927a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174928e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`174929a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17492a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17492ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17492c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17492c40) 000000f7`c8f5f568 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f7`c8f5f570 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f7`c8f5f810 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f7`c8f5f840 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d47080 Cid 0288.0f9c Teb: 000007f6fb462000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa800388f1f0 SynchronizationEvent fffffa8003dc6060 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739363 Ticks: 1765 (0:00:00:27.534) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880174a0dd0 Current fffff880174a0180 Base fffff880174a1000 Limit fffff8801749b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`174a01c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174a0300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`174a03c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`174a0470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`174a0980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`174a0bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174a0c40) 000000f7`c8fdf748 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f7`c8fdf750 000007fe`f7b32333 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f7`c8fdfa30 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x163 000000f7`c8fdfca0 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 000000f7`c8fdfcd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f7`c8fdfd00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8003763540 SessionId: 0 Cid: 02b0 Peb: 7f6fab93000 ParentCid: 0220 DirBase: 30d47000 ObjectTable: fffff8a0023d3940 HandleCount: Image: svchost.exe VadRoot fffffa800374bc20 Vads 60 Clone 0 Private 751. Modified 34. Locked 2. DeviceMap fffff8a0007b8aa0 Token fffff8a0023d4060 ElapsedTime 2 Days 20:10:56.291 UserTime 00:00:00.592 KernelTime 00:00:00.483 QuotaPoolUsage[PagedPool] 70192 QuotaPoolUsage[NonPagedPool] 13744 Working Set Sizes (now,min,max) (1623, 50, 345) (6492KB, 200KB, 1380KB) PeakWorkingSetSize 1647 VirtualSize 26 Mb PeakVirtualSize 29 Mb PageFaultCount 2571 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 903 Setting context for this process... .process /p /r fffffa8003763540 THREAD fffffa8003756080 Cid 02b0.02b4 Teb: 000007f6fab9e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80033d3300 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679237 Ticks: 61891 (0:00:16:05.505) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880150d8dd0 Current fffff880150d8900 Base fffff880150d9000 Limit fffff880150d3000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`150d8940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150d8a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`150d8b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`150d8bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`150d8c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150d8c40) 000000d3`4b50f938 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 000000d3`4b50f940 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 000000d3`4b50f9e0 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 000000d3`4b50fb20 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 000000d3`4b50fc20 000007f6`fb7a2187 sechost!StartServiceCtrlDispatcherW+0x54 000000d3`4b50fc60 000007f6`fb7a2742 svchost!wmain+0x269 000000d3`4b50fcb0 000007fe`f601167e svchost!_wmainCRTStartup+0x74 000000d3`4b50fce0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d3`4b50fd10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800375cb00 Cid 02b0.02d0 Teb: 000007f6fab98000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800375c060 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738870 Ticks: 2258 (0:00:00:35.225) Context Switch Count 182 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880150eddd0 Current fffff880150ed0f0 Base fffff880150ee000 Limit fffff880150e8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`150ed130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150ed270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`150ed330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`150ed3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`150ed470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`150ed980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`150edbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150edc40) 000000d3`4b8bf2a8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000d3`4b8bf2b0 000007fe`f3f851fb KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000d3`4b8bf590 000007fe`f3fc4266 rpcss!ObjectExporterWorkerThread+0x43b 000000d3`4b8bf850 000007fe`f3fc5f7e rpcss!ScmServiceMain+0x96 000000d3`4b8bf880 000007f6`fb7a12f3 rpcss!ServiceMain+0x12e 000000d3`4b8bf8d0 000007fe`f55d4ac5 svchost!ServiceStarter+0x36e 000000d3`4b8bfa20 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 000000d3`4b8bfa50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d3`4b8bfa80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80033d2b00 Cid 02b0.02d4 Teb: 000007f6fab96000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800376a080 QueueObject IRP List: fffffa80031cbe10: (0006,01f0) Flags: 00060030 Mdl: 00000000 fffffa8002e7d4f0: (0006,01f0) Flags: 00060030 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679451 Ticks: 61677 (0:00:16:02.167) Context Switch Count 102 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015102dd0 Current fffff88015102760 Base fffff88015103000 Limit fffff880150fd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`151027a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`151028e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`151029a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15102a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15102ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15102c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15102c40) 000000d3`4bc1fa28 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000d3`4bc1fa30 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000d3`4bc1fcd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d3`4bc1fd00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f5b080 Cid 02b0.0904 Teb: 000007f6faa66000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800375c300 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736696 Ticks: 4432 (0:00:01:09.139) Context Switch Count 99 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address rpcss!ObjectExporterTaskThread (0x000007fef3f85570) Stack Init fffff880170cadd0 Current fffff880170ca0f0 Base fffff880170cb000 Limit fffff880170c5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`170ca130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170ca270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`170ca330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`170ca3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`170ca470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`170ca980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`170cabd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170cac40) 000000d3`4c0bf998 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000d3`4c0bf9a0 000007fe`f3f85700 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000d3`4c0bfc80 000007fe`f601167e rpcss!ObjectExporterTaskThread+0x1a2 000000d3`4c0bfef0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d3`4c0bff20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80021b0080 Cid 02b0.0784 Teb: 000007f6faa6a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800375c300 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728874 Ticks: 12254 (0:00:03:11.163) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address rpcss!ObjectExporterTaskThread (0x000007fef3f85570) Stack Init fffff8801723add0 Current fffff8801723a0f0 Base fffff8801723b000 Limit fffff88017235000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1723a130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1723a270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1723a330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`1723a3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`1723a470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1723a980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1723abd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1723ac40) 000000d3`4be3f5c8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000d3`4be3f5d0 000007fe`f3f85700 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000d3`4be3f8b0 000007fe`f601167e rpcss!ObjectExporterTaskThread+0x1a2 000000d3`4be3fb20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d3`4be3fb50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003797b00 Cid 02b0.0abc Teb: 000007f6fab94000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003756d80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736683 Ticks: 4445 (0:00:01:09.342) Context Switch Count 338 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017172dd0 Current fffff88017172760 Base fffff88017173000 Limit fffff8801716d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`171727a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171728e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`171729a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17172a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17172ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17172c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17172c40) 000000d3`4bc9f978 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000d3`4bc9f980 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000d3`4bc9fc20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d3`4bc9fc50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001fc54c0 Cid 02b0.0db0 Teb: 000007f6faa6e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003756d80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740965 Ticks: 163 (0:00:00:02.542) Context Switch Count 892 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174dddd0 Current fffff880174dd760 Base fffff880174de000 Limit fffff880174d8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`174dd7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174dd8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`174dd9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`174dda50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`174ddae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`174ddc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174ddc40) 000000d3`4bd1f9e8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000d3`4bd1f9f0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000d3`4bd1fc90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d3`4bd1fcc0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003757080 Cid 02b0.0f24 Teb: 000007f6fab9a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003756d80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 103 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017456dd0 Current fffff88017456760 Base fffff88017457000 Limit fffff88017451000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`174567a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174568e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`174569a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17456a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17456ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17456c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17456c40) 000000d3`4b83f7e8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000d3`4b83f7f0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000d3`4b83fa90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d3`4b83fac0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa800379c940 SessionId: 0 Cid: 02f0 Peb: 7f6faabb000 ParentCid: 0220 DirBase: 31659000 ObjectTable: fffff8a00248d1c0 HandleCount: Image: svchost.exe VadRoot fffffa8003792180 Vads 191 Clone 0 Private 2678. Modified 1152. Locked 4. DeviceMap fffff8a002487200 Token fffff8a002492060 ElapsedTime 2 Days 20:10:54.122 UserTime 00:00:00.655 KernelTime 00:00:01.170 QuotaPoolUsage[PagedPool] 182960 QuotaPoolUsage[NonPagedPool] 32064 Working Set Sizes (now,min,max) (5727, 50, 345) (22908KB, 200KB, 1380KB) PeakWorkingSetSize 6197 VirtualSize 103 Mb PeakVirtualSize 119 Mb PageFaultCount 11110 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 4051 Setting context for this process... .process /p /r fffffa800379c940 THREAD fffffa800379a700 Cid 02f0.02f4 Teb: 000007f6faabe000 Win32Thread: fffff901000bb010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003795770 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 125 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88015117dd0 Current fffff88015117900 Base fffff88015118000 Limit fffff88015112000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15117940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15117a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15117b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`15117bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`15117c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15117c40) 00000040`33b3f848 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000040`33b3f850 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 00000040`33b3f8f0 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 00000040`33b3fa30 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 00000040`33b3fb30 000007f6`fb7a2187 sechost!StartServiceCtrlDispatcherW+0x54 00000040`33b3fb70 000007f6`fb7a2742 svchost!wmain+0x269 00000040`33b3fbc0 000007fe`f601167e svchost!_wmainCRTStartup+0x74 00000040`33b3fbf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`33b3fc20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80037b2b00 Cid 02f0.0308 Teb: 000007f6faab5000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800379b750 SynchronizationEvent fffffa80037b2680 SynchronizationEvent fffffa800376f1b0 SynchronizationEvent fffffa800379b4b0 SynchronizationTimer fffffa800379b850 SynchronizationTimer fffffa80037b2600 SynchronizationEvent fffffa800379b7d0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679108 Ticks: 62020 (0:00:16:07.518) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wevtsvc!WriteQueuedEvents (0x000007fef3b0bf50) Stack Init fffff8801514fdd0 Current fffff8801514f180 Base fffff88015150000 Limit fffff8801514a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1514f1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1514f300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1514f3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1514f470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1514f980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1514fbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1514fc40) 00000040`3474f878 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000040`3474f880 000007fe`f3b0c0fd KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000040`3474fb60 000007fe`f601167e wevtsvc!WriteQueuedEvents+0x45d 00000040`3474fc10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`3474fc40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80038cc080 Cid 02f0.02c0 Teb: 000007f6faab7000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80038d49c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15719569 Ticks: 21559 (0:00:05:36.322) Context Switch Count 309 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address audiosrv!EventWorkerThread (0x000007fef0fa1330) Stack Init fffff880154d3dd0 Current fffff880154d37a0 Base fffff880154d4000 Limit fffff880154ce000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`154d37e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`154d3920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`154d39e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`154d3a90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`154d3b20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`154d3bd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154d3c40) 00000040`34e6fc68 000007fe`f4fd36ad ntdll!NtRemoveIoCompletion+0xa 00000040`34e6fc70 000007fe`f6011962 KERNELBASE!GetQueuedCompletionStatus+0x39 00000040`34e6fcd0 000007fe`f0fa13a4 KERNEL32!GetQueuedCompletionStatusStub+0x12 00000040`34e6fd10 000007fe`f601167e audiosrv!EventWorkerThread+0x74 00000040`34e6fd70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`34e6fda0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80038af8c0 Cid 02f0.02dc Teb: 000007f6fa986000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038ac380 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679441 Ticks: 61687 (0:00:16:02.323) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015504dd0 Current fffff88015504760 Base fffff88015505000 Limit fffff880154ff000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`155047a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`155048e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`155049a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15504a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15504ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15504c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15504c40) 00000040`34eef938 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000040`34eef940 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000040`34eefbe0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`34eefc10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003934a80 Cid 02f0.038c Teb: 000007f6fa980000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039243e0 NotificationEvent fffffa8003912880 SynchronizationEvent fffffa8003946ae0 NotificationEvent fffffa8003939d80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 86 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015519dd0 Current fffff88015519180 Base fffff8801551a000 Limit fffff88015514000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`155191c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15519300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`155193c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15519470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15519980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15519bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15519c40) 00000040`3506f858 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000040`3506f860 000007fe`f08b2fa7 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000040`3506fb40 000007fe`f08c771d dhcpcore!ProcessDhcpRequestForever+0x3cd 00000040`3506fc20 000007f6`fb7a12f3 dhcpcore!ServiceMain+0x278 00000040`3506fcb0 000007fe`f55d4ac5 svchost!ServiceStarter+0x36e 00000040`3506fe00 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 00000040`3506fe30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`3506fe60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003937100 Cid 02f0.03d0 Teb: 000007f6fa97c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80039243e0 NotificationEvent fffffa8003937b80 SynchronizationEvent fffffa80032b4ac0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15734019 Ticks: 7109 (0:00:01:50.901) Context Switch Count 131 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dhcpcore6!Dhcpv6Main (0x000007fef07fc110) Stack Init fffff88015557dd0 Current fffff88015557180 Base fffff88015558000 Limit fffff88015552000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`155571c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15557300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`155573c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15557470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15557980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15557bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15557c40) 00000040`3516f898 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000040`3516f8a0 000007fe`f07f25b3 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000040`3516fb80 000007fe`f07fc23b dhcpcore6!ProcessDhcpv6RequestForever+0x1ad 00000040`3516fec0 000007fe`f601167e dhcpcore6!Dhcpv6Main+0x143 00000040`3516ff10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`3516ff40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80039576c0 Cid 02f0.0194 Teb: 000007f6fa97a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa800393e750 NotificationEvent fffffa80039574a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11103 Ticks: 15730025 (2:20:09:49.962) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wcmsvc!CdeNotificationListenerThread (0x000007fef0ad97dc) Stack Init fffff880154b0dd0 Current fffff880154b0180 Base fffff880154b1000 Limit fffff880154ab000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800397f080 Cid 02f0.0404 Teb: 000007f6fa978000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa800392fa80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 188 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address Wlanapi!NotificationApcThreadProc (0x000007fef03bba00) Stack Init fffff8801559ddd0 Current fffff8801559d900 Base fffff8801559e000 Limit fffff88015598000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1559d940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1559da80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1559db40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`1559dbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`1559dc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1559dc40) 00000040`3526f978 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000040`3526f980 000007fe`f03bba6b KERNELBASE!WaitForSingleObjectEx+0x92 00000040`3526fa20 000007fe`f601167e Wlanapi!NotificationApcThreadProc+0x6b 00000040`3526fa50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`3526fa80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800397f700 Cid 02f0.0408 Teb: 000007f6fa976000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003938f90 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9576 Ticks: 15731552 (2:20:10:13.784) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wcmcsp!DisconnectCallback (0x000007fef07dc138) Stack Init fffff88015596dd0 Current fffff88015596900 Base fffff88015597000 Limit fffff88015591000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f84b00 Cid 02f0.07c8 Teb: 000007f6fa968000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003d83b50 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13655 Ticks: 15727473 (2:20:09:10.151) Context Switch Count 42 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880160cadd0 Current fffff880160ca900 Base fffff880160cb000 Limit fffff880160c5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800279d800 Cid 02f0.0b80 Teb: 000007f6fa96e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002778930 NotificationEvent fffffa8003ee48f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681386 Ticks: 59742 (0:00:15:31.981) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88015110dd0 Current fffff88015110180 Base fffff88015111000 Limit fffff8801510b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`151101c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15110300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`151103c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15110470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15110980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15110bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15110c40) 00000040`354ef7d8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000040`354ef7e0 000007fe`f7b69bc8 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000040`354efac0 000007fe`f7b69b62 combase!DefaultWaitForHandles+0x44 00000040`354efb00 000007fe`ec0f7d12 combase!CoWaitForMultipleHandles+0xda 00000040`354efb40 000007fe`f2ef410c provsvc!CRecordQueueManager::_s_RecordQueueThreadProc+0xd2 00000040`354efbe0 000007fe`f601167e shcore!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000040`354efcd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`354efd00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80037fa080 Cid 02f0.09ec Teb: 000007f6fa98c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002da9c70 SynchronizationEvent fffffa80036d3c70 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737922 Ticks: 3206 (0:00:00:50.013) Context Switch Count 364 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.031 Win32 Start Address wevtsvc!ProcessEventsThread (0x000007fef3b1d5ac) Stack Init fffff88015195dd0 Current fffff88015195180 Base fffff88015196000 Limit fffff88015190000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`151951c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15195300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`151953c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15195470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15195980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15195bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15195c40) 00000040`3499fb38 000007fe`f4fefaa7 ntdll!NtWaitForMultipleObjects+0xa 00000040`3499fb40 000007fe`f502e61b KERNELBASE!EtwpProcessRealTimeTraces+0x73 00000040`3499fba0 000007fe`f3b1d601 KERNELBASE!ProcessTrace+0x1bf 00000040`3499fe50 000007fe`f601167e wevtsvc!ProcessEventsThread+0x55 00000040`3499fe80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`3499feb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003988700 Cid 02f0.0738 Teb: 000007f6fa98a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80026241c0 SynchronizationEvent fffffa80018f7460 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727283 Ticks: 13845 (0:00:03:35.983) Context Switch Count 36 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wevtsvc!ProcessEventsThread (0x000007fef3b1d5ac) Stack Init fffff880151a3dd0 Current fffff880151a3180 Base fffff880151a4000 Limit fffff8801519e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`151a31c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`151a3300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`151a33c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`151a3470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`151a3980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`151a3bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151a3c40) 00000040`34a1f4b8 000007fe`f4fefaa7 ntdll!NtWaitForMultipleObjects+0xa 00000040`34a1f4c0 000007fe`f502e61b KERNELBASE!EtwpProcessRealTimeTraces+0x73 00000040`34a1f520 000007fe`f3b1d601 KERNELBASE!ProcessTrace+0x1bf 00000040`34a1f7d0 000007fe`f601167e wevtsvc!ProcessEventsThread+0x55 00000040`34a1f800 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`34a1f830 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f11080 Cid 02f0.0724 Teb: 000007f6fa98e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e05590 SynchronizationEvent fffffa8003dda840 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739381 Ticks: 1747 (0:00:00:27.253) Context Switch Count 96 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address wevtsvc!ProcessEventsThread (0x000007fef3b1d5ac) Stack Init fffff88015172dd0 Current fffff88015172180 Base fffff88015173000 Limit fffff8801516d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`151721c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15172300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`151723c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15172470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15172980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15172bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15172c40) 00000040`3491f488 000007fe`f4fefaa7 ntdll!NtWaitForMultipleObjects+0xa 00000040`3491f490 000007fe`f502e61b KERNELBASE!EtwpProcessRealTimeTraces+0x73 00000040`3491f4f0 000007fe`f3b1d601 KERNELBASE!ProcessTrace+0x1bf 00000040`3491f7a0 000007fe`f601167e wevtsvc!ProcessEventsThread+0x55 00000040`3491f7d0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`3491f800 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80039da080 Cid 02f0.09cc Teb: 000007f6fa96c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800339a7f0 SynchronizationEvent fffffa80030abac0 SynchronizationTimer fffffa80040b2f50 SynchronizationEvent fffffa800362da30 SynchronizationEvent fffffa8003e2d320 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679442 Ticks: 61686 (0:00:16:02.307) Context Switch Count 257 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wscsvc!CThirdPartyMonitoring::MonitoringThreadProcEntry (0x000007feecb6d438) Stack Init fffff88016470dd0 Current fffff88016470180 Base fffff88016471000 Limit fffff8801646b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`164701c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16470300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`164703c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16470470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16470980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16470bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16470c40) 00000040`3556fa08 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000040`3556fa10 000007fe`ecb6144f KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000040`3556fcf0 000007fe`ecb6d466 wscsvc!CThirdPartyMonitoring::MonitoringThreadProc+0x168 00000040`3556fd30 000007fe`f601167e wscsvc!CThirdPartyMonitoring::MonitoringThreadProcEntry+0x2e 00000040`3556fd60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`3556fd90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003be9740 Cid 02f0.07f8 Teb: 000007f6fa96a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003e2b900 NotificationEvent fffffa8003f1c4d0 SynchronizationEvent fffffa80038f4cc0 SynchronizationEvent fffffa800265a460 SynchronizationEvent fffffa8003f336c0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733531 Ticks: 7597 (0:00:01:58.513) Context Switch Count 121 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address wscsvc!SystemMonitoringThreadProc (0x000007feecb64140) Stack Init fffff88014fb1dd0 Current fffff88014fb1180 Base fffff88014fb2000 Limit fffff88014fac000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14fb11c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14fb1300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14fb13c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14fb1470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14fb1980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14fb1bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14fb1c40) 00000040`355ef548 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000040`355ef550 000007fe`ecb61710 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000040`355ef830 000007fe`f601167e wscsvc!SystemMonitoringThreadProc+0x4bf 00000040`355ef960 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`355ef990 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80038cdb00 Cid 02f0.0d94 Teb: 000007f6fa95e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject IRP List: fffffa8001ff9a60: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738520 Ticks: 2608 (0:00:00:40.685) Context Switch Count 2627 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016493dd0 Current fffff88016493760 Base fffff88016494000 Limit fffff8801648e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`164937a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`164938e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`164939a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16493a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`16493ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16493c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16493c40) 00000040`36c2f9b8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000040`36c2f9c0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000040`36c2fc60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`36c2fc90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c63080 Cid 02f0.0374 Teb: 000007f6fa97e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393e2a0 SynchronizationEvent fffffa800393dd00 SynchronizationEvent IRP List: fffffa8002e95b50: (0006,0118) Flags: 00060000 Mdl: fffffa8002770f40 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679156 Ticks: 61972 (0:00:16:06.769) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015542dd0 Current fffff88015542180 Base fffff88015543000 Limit fffff8801553d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`155421c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15542300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`155423c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15542470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15542980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15542bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15542c40) 00000040`350efa48 000007fe`f0bc123e ntdll!NtWaitForMultipleObjects+0xa 00000040`350efa50 000007f6`fb7a12f3 lmhsvc!ServiceMain+0x279 00000040`350efc70 000007fe`f55d4ac5 svchost!ServiceStarter+0x36e 00000040`350efdc0 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 00000040`350efdf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`350efe20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800393cb00 Cid 02f0.0c64 Teb: 000007f6fa988000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393dc80 SynchronizationEvent fffffa800393dc00 SynchronizationEvent IRP List: fffffa8001e94790: (0006,0118) Flags: 00060000 Mdl: fffffa8001805f40 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679156 Ticks: 61972 (0:00:16:06.769) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address lmhsvc!CheckIPAddrWorkerRtn (0x000007fef0bc1544) Stack Init fffff88015463dd0 Current fffff88015463180 Base fffff88015464000 Limit fffff8801545e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`154631c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15463300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`154633c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15463470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15463980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15463bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15463c40) 00000040`34abf8c8 000007fe`f0bc15e7 ntdll!NtWaitForMultipleObjects+0xa 00000040`34abf8d0 000007fe`f601167e lmhsvc!CheckIPAddrWorkerRtn+0xbf 00000040`34abf940 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`34abf970 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f00840 Cid 02f0.0954 Teb: 000007f6fa972000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80019f46e0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680337 Ticks: 60791 (0:00:15:48.345) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address FunDisc!CNotificationQueue::ThreadProc (0x000007feec2654c0) Stack Init fffff880170d1dd0 Current fffff880170d1900 Base fffff880170d2000 Limit fffff880170cc000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`170d1940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170d1a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`170d1b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`170d1bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`170d1c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170d1c40) 00000040`34f6fc78 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000040`34f6fc80 000007fe`ec265578 KERNELBASE!WaitForSingleObjectEx+0x92 00000040`34f6fd20 000007fe`f601167e FunDisc!CNotificationQueue::ThreadProc+0x32a 00000040`34f6fd80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`34f6fdb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002198080 Cid 02f0.0830 Teb: 000007f6faab9000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738520 Ticks: 2608 (0:00:00:40.685) Context Switch Count 281 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150b5dd0 Current fffff880150b5760 Base fffff880150b6000 Limit fffff880150b0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`150b57a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150b58e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`150b59a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`150b5a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`150b5ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`150b5c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150b5c40) 00000040`3426fb48 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000040`3426fb50 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000040`3426fdf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`3426fe20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d4c700 Cid 02f0.02e8 Teb: 000007f6faabc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740464 Ticks: 664 (0:00:00:10.358) Context Switch Count 127 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017476dd0 Current fffff88017476760 Base fffff88017477000 Limit fffff88017471000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`174767a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174768e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`174769a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17476a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17476ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17476c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17476c40) 00000040`341ef9d8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000040`341ef9e0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000040`341efc80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`341efcb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002e5c080 Cid 02f0.0cf4 Teb: 000007f6fa982000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 102 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162c4dd0 Current fffff880162c4760 Base fffff880162c5000 Limit fffff880162bf000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`162c47a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`162c48e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`162c49a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`162c4a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`162c4ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`162c4c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162c4c40) 00000040`353ef4e8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000040`353ef4f0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000040`353ef790 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`353ef7c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003ed49c0 Cid 02f0.0974 Teb: 000007f6fa970000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002cbe6c0 NotificationEvent fffffa8001eb5e80 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738061 Ticks: 3067 (0:00:00:47.845) Context Switch Count 125 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address dhcpcore6!Dhcpv6RenewThread (0x000007fef07f26cc) Stack Init fffff880165bbdd0 Current fffff880165bb180 Base fffff880165bc000 Limit fffff880165b6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`165bb1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165bb300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`165bb3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`165bb470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`165bb980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`165bbbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165bbc40) 00000040`35c6ec58 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000040`35c6ec60 000007fe`f5b814f2 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000040`35c6ef40 000007fe`f07f19b1 WS2_32!WSAWaitForMultipleEvents+0x12 00000040`35c6ef80 000007fe`f07f1f59 dhcpcore6!Dhcpv6AsyncSelect+0xd2 00000040`35c6f250 000007fe`f07f1e72 dhcpcore6!ProcessRecvFromSocket+0xe8 00000040`35c6f300 000007fe`f07f1d72 dhcpcore6!GetSpecifiedDhcpv6Message+0x1a 00000040`35c6f330 000007fe`f07f2a3d dhcpcore6!SendDhcpv6SolicitAndGetAdvertise+0x463 00000040`35c6f5e0 000007fe`f07f272d dhcpcore6!ReSolicitParameters+0x5c9 00000040`35c6f9c0 000007fe`f601167e dhcpcore6!Dhcpv6RenewThread+0x61 00000040`35c6fa00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`35c6fa30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020eb080 Cid 02f0.0134 Teb: 000007f6fa966000 Win32Thread: 0000000000000000 WAIT: (WrAlertByThreadId) UserMode Non-Alertable 0000004034dad9c0 Unknown Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737866 Ticks: 3262 (0:00:00:50.887) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dhcpcore6!Dhcpv6FirewallExemptionThreadProc (0x000007fef07f1044) Stack Init fffff8801714fdd0 Current fffff8801714f970 Base fffff88017150000 Limit fffff8801714a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1714f9b0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1714faf0 fffff802`b3adf817 nt!KiCommitThreadWait+0x23c fffff880`1714fbb0 fffff802`b3ea4e5e nt!KeWaitForAlertByThreadId+0x13b fffff880`1714fc10 fffff802`b3b02d53 nt!NtWaitForAlertByThreadId+0x2a fffff880`1714fc40 000007fe`f7ec466b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1714fc40) 00000040`35cef7c8 000007fe`f7f2363c ntdll!NtWaitForAlertByThreadId+0xa 00000040`35cef7d0 000007fe`f4fd408f ntdll!RtlSleepConditionVariableCS+0xcc 00000040`35cef840 000007fe`f07f1134 KERNELBASE!SleepConditionVariableCS+0x1b 00000040`35cef870 000007fe`f601167e dhcpcore6!Dhcpv6FirewallExemptionThreadProc+0x181 00000040`35cef8c0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000040`35cef8f0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa80037ae940 SessionId: 0 Cid: 0314 Peb: 7f6fa949000 ParentCid: 0220 DirBase: 319e5000 ObjectTable: fffff8a0024fcf00 HandleCount: Image: svchost.exe VadRoot fffffa8003befd40 Vads 657 Clone 0 Private 6019. Modified 39442. Locked 69. DeviceMap fffff8a00000c340 Token fffff8a0024fd060 ElapsedTime 2 Days 20:10:53.342 UserTime 00:00:04.539 KernelTime 00:00:02.028 QuotaPoolUsage[PagedPool] 355128 QuotaPoolUsage[NonPagedPool] 109904 Working Set Sizes (now,min,max) (10940, 50, 345) (43760KB, 200KB, 1380KB) PeakWorkingSetSize 39122 VirtualSize 549 Mb PeakVirtualSize 567 Mb PageFaultCount 102768 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 8943 Setting context for this process... .process /p /r fffffa80037ae940 THREAD fffffa80037a59c0 Cid 0314.0318 Teb: 000007f6fa94e000 Win32Thread: fffff90100655b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037c57b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720336 Ticks: 20792 (0:00:05:24.357) Context Switch Count 758 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88015164dd0 Current fffff88015164900 Base fffff88015165000 Limit fffff8801515f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15164940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15164a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15164b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`15164bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`15164c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15164c40) 000000f2`7361f9f8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 000000f2`7361fa00 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 000000f2`7361faa0 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 000000f2`7361fbe0 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 000000f2`7361fce0 000007f6`fb7a2187 sechost!StartServiceCtrlDispatcherW+0x54 000000f2`7361fd20 000007f6`fb7a2742 svchost!wmain+0x269 000000f2`7361fd70 000007fe`f601167e svchost!_wmainCRTStartup+0x74 000000f2`7361fda0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`7361fdd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80037c27c0 Cid 0314.031c Teb: 000007f6fa94c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003db8490 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11923 Ticks: 15729205 (2:20:09:37.170) Context Switch Count 73 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015179dd0 Current fffff88015179900 Base fffff8801517a000 Limit fffff88015174000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80037c0a00 Cid 0314.0328 Teb: 000007f6fa945000 Win32Thread: fffff90100659b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037a9a60 NotificationEvent fffffa80037b4f50 SynchronizationEvent fffffa80037a99e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 7999 Ticks: 15733129 (2:20:10:38.385) Context Switch Count 92 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015187dd0 Current fffff88015187180 Base fffff88015188000 Limit fffff88015182000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80037cc700 Cid 0314.032c Teb: 000007f6fa943000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80037ccaa8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738889 Ticks: 2239 (0:00:00:34.928) Context Switch Count 400 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff8801518edd0 Current fffff8801518e7a0 Base fffff8801518f000 Limit fffff88015189000 Call 0 Priority 9 BasePriority 8 UnusualBoost 1 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1518e7e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1518e920 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1518e9e0 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`1518ea70 fffff802`b3ef350d nt!AlpcpReceiveMessagePort+0x380 fffff880`1518eae0 fffff802`b3ef334b nt!AlpcpReceiveLegacyMessage+0x11c fffff880`1518eb70 fffff802`b3ef31f3 nt!NtReplyWaitReceivePortEx+0xca fffff880`1518ec00 fffff802`b3b02d53 nt!NtReplyWaitReceivePort+0xf fffff880`1518ec40 000007fe`f7ec2c9a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1518ec40) 000000f2`744af448 000007fe`f38a1087 ntdll!NtReplyWaitReceivePort+0xa 000000f2`744af450 000007fe`f38a3f50 themeservice!CAPIConnection::Listen+0x77 000000f2`744af6b0 000007fe`f38a4a1e themeservice!CService::Start+0x147 000000f2`744af6e0 000007f6`fb7a12f3 themeservice!ThemeServiceMain+0x24e 000000f2`744af760 000007fe`f55d4ac5 svchost!ServiceStarter+0x36e 000000f2`744af8b0 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 000000f2`744af8e0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`744af910 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80037f1b00 Cid 0314.0348 Teb: 000007f6fa81e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800319fb60 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739118 Ticks: 2010 (0:00:00:31.356) Context Switch Count 63 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880151aadd0 Current fffff880151aa0f0 Base fffff880151ab000 Limit fffff880151a5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`151aa130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`151aa270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`151aa330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`151aa3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`151aa470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`151aa980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`151aabd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151aac40) 000000f2`7452f518 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`7452f520 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`7452f800 000007fe`f7b31a03 combase!WaitCoalesced+0x96 000000f2`7452fa50 000007fe`f7b32218 combase!CROIDTable::WorkerThreadLoop+0x63 000000f2`7452faa0 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 000000f2`7452fd10 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 000000f2`7452fd40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`7452fd70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003975b00 Cid 0314.0260 Teb: 000007f6fa818000 Win32Thread: fffff901006d7710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003955820 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 192 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff8801558fdd0 Current fffff8801558f900 Base fffff88015590000 Limit fffff8801558a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1558f940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1558fa80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1558fb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`1558fbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`1558fc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1558fc40) 000000f2`7473f788 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 000000f2`7473f790 000007fe`f0311835 KERNELBASE!WaitForSingleObjectEx+0x92 000000f2`7473f830 000007fe`f03228eb shsvcs!GSM::_RunService+0x49 000000f2`7473f870 000007fe`f0322749 shsvcs!GSM::_ServiceMainHelper+0x19f 000000f2`7473f8c0 000007fe`f0311080 shsvcs!GSM::CServiceMainTask::_DoStuff+0xd 000000f2`7473f8f0 000007fe`f032271c shsvcs!CThreadTask::_CallDoStuff+0x76 000000f2`7473f920 000007f6`fb7a12f3 shsvcs!GSM::ServiceMain+0xa2 000000f2`7473fa00 000007fe`f55d4ac5 svchost!ServiceStarter+0x36e 000000f2`7473fb50 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 000000f2`7473fb80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`7473fbb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800398a080 Cid 0314.0418 Teb: 000007f6fa816000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002eddee0 SynchronizationEvent fffffa8003958640 SynchronizationEvent fffffa8003b60fe0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679223 Ticks: 61905 (0:00:16:05.724) Context Switch Count 643 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.093 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880154ccdd0 Current fffff880154cc180 Base fffff880154cd000 Limit fffff880154c7000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`154cc1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`154cc300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`154cc3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`154cc470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`154cc980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`154ccbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154ccc40) 000000f2`747bf2d8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`747bf2e0 000007fe`f00aa14b KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`747bf5c0 000007fe`f00c2b10 schedsvc!Scheduler::TimerThreadFunction+0x399 000000f2`747bf880 000007fe`f00b80cb schedsvc!JobsService[::CNtService]::WorkerThread+0x236 000000f2`747bf990 000007fe`f00b7fbb schedsvc!CNtService::Run+0x119 000000f2`747bf9e0 000007f6`fb7a12f3 schedsvc!ServiceMain+0x19f 000000f2`747bfbd0 000007fe`f55d4ac5 svchost!ServiceStarter+0x36e 000000f2`747bfd20 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 000000f2`747bfd50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`747bfd80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80039f7080 Cid 0314.0480 Teb: 000007f6fa804000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b0b740 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740821 Ticks: 307 (0:00:00:04.789) Context Switch Count 65 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e5add0 Current fffff88014e5a760 Base fffff88014e5b000 Limit fffff88014e55000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14e5a7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14e5a8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14e5a9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14e5aa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`14e5aae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14e5ac40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e5ac40) 000000f2`74e2f628 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f2`74e2f630 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f2`74e2f8d0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`74e2f900 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80039fbb00 Cid 0314.0484 Teb: 000007f6fa802000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b39ba0 SynchronizationEvent fffffa8003b3bfe0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679246 Ticks: 61882 (0:00:16:05.365) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address schedsvc!CSessionMgr::StartJobsCallback (0x000007fef00c3788) Stack Init fffff88015588dd0 Current fffff88015588180 Base fffff88015589000 Limit fffff88015583000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`155881c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15588300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`155883c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15588470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15588980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15588bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15588c40) 000000f2`74eaf568 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`74eaf570 000007fe`f00aa4f9 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`74eaf850 000007fe`f00c37d8 schedsvc!CSessionMgr::LaunchLoop+0x89 000000f2`74eaf8b0 000007fe`f601167e schedsvc!CSessionMgr::StartJobsCallback+0xaf 000000f2`74eaf940 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`74eaf970 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b0b9c0 Cid 0314.0488 Teb: 000007f6fa800000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b58db0 SynchronizationEvent fffffa8003b38cd0 SynchronizationEvent fffffa8003b48be0 SynchronizationEvent fffffa8003b589e0 SynchronizationTimer fffffa8003b58840 SynchronizationTimer IRP List: fffffa8003b3c010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10689 Ticks: 15730439 (2:20:09:56.421) Context Switch Count 20 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskcomp!CompatibilityAdapter::MonitorThread (0x000007feef961c00) Stack Init fffff88014e0ddd0 Current fffff88014e0d180 Base fffff88014e0e000 Limit fffff88014e08000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bad700 Cid 0314.05cc Teb: 000007f6fa814000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bbd520 NotificationEvent fffffa8003bb5ca0 SynchronizationEvent fffffa8003ba3200 SynchronizationEvent fffffa8003beda78 NotificationEvent IRP List: fffffa8003d85010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738812 Ticks: 2316 (0:00:00:36.129) Context Switch Count 88 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014f4fdd0 Current fffff88014f4f180 Base fffff88014f50000 Limit fffff88014f4a000 Call 0 Priority 10 BasePriority 10 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14f4f1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f4f300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14f4f3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14f4f470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14f4f980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14f4fbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f4fc40) 000000f2`7483f068 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`7483f070 000007fe`eec11663 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`7483f350 000007fe`eec16c8f wmisvc!WaitingFunction+0x171 000000f2`7483f400 000007fe`eec16484 wmisvc!MyService::WorkerThread+0x329 000000f2`7483f580 000007fe`eec17266 wmisvc!CNtService::Run+0x12f 000000f2`7483f720 000007f6`fb7a12f3 wmisvc!ServiceMain+0x113 000000f2`7483f7e0 000007fe`f55d4ac5 svchost!ServiceStarter+0x36e 000000f2`7483f930 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 000000f2`7483f960 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`7483f990 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003bbf900 Cid 0314.0620 Teb: 000007f6fa7fc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003db6c10 SynchronizationEvent fffffa80030912b0 SynchronizationEvent fffffa8003f9c920 SynchronizationEvent fffffa8003e3dd50 SynchronizationEvent fffffa8003fa2630 SynchronizationEvent fffffa8004035530 SynchronizationEvent fffffa8003f48a70 SynchronizationEvent fffffa8003fb0620 SynchronizationEvent fffffa8003dc0490 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727890 Ticks: 13238 (0:00:03:26.514) Context Switch Count 699 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014fcddd0 Current fffff88014fcd180 Base fffff88014fce000 Limit fffff88014fc8000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14fcd1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14fcd300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14fcd3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14fcd470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14fcd980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14fcdbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14fcdc40) 000000f2`750af3c8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`750af3d0 000007fe`eea01d8c KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`750af6b0 000007fe`eea0f1d1 srvsvc!SsScavengerThread+0x3ac 000000f2`750af7b0 000007f6`fb7a10fd srvsvc!ServiceMain+0x61a 000000f2`750afa50 000007fe`f55d4ac5 svchost!ServiceStarter+0x188 000000f2`750afba0 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 000000f2`750afbd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`750afc00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003bd4080 Cid 0314.06a8 Teb: 000007f6fa7f8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003daa960 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11923 Ticks: 15729205 (2:20:09:37.170) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SSCORE!ShareNotificationsThreadProc (0x000007feedfa1824) Stack Init fffff88015e99dd0 Current fffff88015e99900 Base fffff88015e9a000 Limit fffff88015e94000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bcf700 Cid 0314.06ac Teb: 000007f6fa7f6000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dcaf80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679964 Ticks: 61164 (0:00:15:54.164) Context Switch Count 163 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155dcdd0 Current fffff880155dc760 Base fffff880155dd000 Limit fffff880155d7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`155dc7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`155dc8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`155dc9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`155dca50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`155dcae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`155dcc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155dcc40) 000000f2`752ef9c8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f2`752ef9d0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f2`752efc70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`752efca0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003bd8700 Cid 0314.06b4 Teb: 000007f6fa7f2000 Win32Thread: fffff90100671290 WAIT: (WrQueue) UserMode Alertable fffffa8003dcaf80 QueueObject IRP List: fffffa800413a9f0: (0006,01f0) Flags: 00060000 Mdl: fffffa8002620e70 fffffa8002c48a10: (0006,01f0) Flags: 00060000 Mdl: fffffa800274a290 fffffa8002c4e240: (0006,01f0) Flags: 00060000 Mdl: fffffa800189fc30 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 1340 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ea7dd0 Current fffff88015ea7760 Base fffff88015ea8000 Limit fffff88015ea2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15ea77a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15ea78e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15ea79a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15ea7a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15ea7ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15ea7c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15ea7c40) 000000f2`754af9f8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f2`754afa00 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f2`754afca0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`754afcd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003bd4b00 Cid 0314.06b8 Teb: 000007f6fa7f0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b741b0 SynchronizationEvent fffffa8003db11b0 SynchronizationEvent fffffa8003e0e9c0 SynchronizationEvent fffffa8003dba320 SynchronizationEvent fffffa8003dba1d0 SynchronizationEvent fffffa8003e685b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15693330 Ticks: 47798 (0:00:12:25.653) Context Switch Count 1428 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address httpprxm!ProxyMgrRegListenForProxySettingsChange (0x000007feee8c0e68) Stack Init fffff88015eaedd0 Current fffff88015eae180 Base fffff88015eaf000 Limit fffff88015ea9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15eae1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15eae300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`15eae3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15eae470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15eae980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15eaebd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15eaec40) 000000f2`7552f798 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`7552f7a0 000007fe`ee8c1259 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`7552fa80 000007fe`f601167e httpprxm!ProxyMgrRegListenForProxySettingsChange+0x3f1 000000f2`7552fee0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`7552ff10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e55940 Cid 0314.06dc Teb: 000007f6fa7ea000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ddce60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12499 Ticks: 15728629 (2:20:09:28.184) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88003dd8dd0 Current fffff88003dd8900 Base fffff88003dd9000 Limit fffff88003dd3000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea0b00 Cid 0314.07a8 Teb: 000007f6fa7e0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003f24aa0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12917 Ticks: 15728211 (2:20:09:21.664) Context Switch Count 24 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ffedd0 Current fffff88015ffe900 Base fffff88015fff000 Limit fffff88015ff9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003df8080 Cid 0314.05c8 Teb: 000007f6fa7c6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003f93530 Semaphore Limit 0x7fffffff fffffa8003f76d40 NotificationEvent fffffa80039cc2f0 NotificationEvent IRP List: fffffa8002cf3e10: (0006,01f0) Flags: 00060070 Mdl: 00000000 fffffa80033c7660: (0006,01f0) Flags: 00060030 Mdl: fffffa80021ac780 fffffa80033f2610: (0006,01f0) Flags: 00060070 Mdl: 00000000 fffffa80020fccd0: (0006,01f0) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727019 Ticks: 14109 (0:00:03:40.101) Context Switch Count 89 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88016187dd0 Current fffff88016187180 Base fffff88016188000 Limit fffff88016182000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`161871c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16187300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`161873c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16187470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16187980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16187bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16187c40) 000000f2`7594f4c8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`7594f4d0 000007fe`ee9decc3 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`7594f7b0 000007fe`ee9d6459 browser!BrWorkerThread+0x12b 000000f2`7594f840 000007f6`fb7a10fd browser!ServiceMain+0x99 000000f2`7594f870 000007fe`f55d4ac5 svchost!ServiceStarter+0x188 000000f2`7594f9c0 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 000000f2`7594f9f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`7594fa20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003fa9b00 Cid 0314.04a0 Teb: 000007f6fa7be000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003f93530 Semaphore Limit 0x7fffffff fffffa8003f76d40 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727032 Ticks: 14096 (0:00:03:39.899) Context Switch Count 24 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8801621bdd0 Current fffff8801621b180 Base fffff8801621c000 Limit fffff88016216000 Call 0 Priority 10 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1621b1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1621b300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1621b3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1621b470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1621b980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1621bbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1621bc40) 000000f2`76cbf418 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`76cbf420 000007fe`ee9decc3 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`76cbf700 000007fe`f782707b browser!BrWorkerThread+0x12b 000000f2`76cbf790 000007fe`f7845e6d msvcrt!endthreadex+0xcb 000000f2`76cbf7c0 000007fe`f601167e msvcrt!endthreadex+0xac 000000f2`76cbf7f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`76cbf820 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003836b00 Cid 0314.0898 Teb: 000007f6fa7bc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f47c60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 14273 Ticks: 15726855 (2:20:09:00.510) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88015429dd0 Current fffff88015429900 Base fffff8801542a000 Limit fffff88015424000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80018a5b00 Cid 0314.0a1c Teb: 000007f6fa7a4000 Win32Thread: fffff901006a9820 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003798d00 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736660 Ticks: 4468 (0:00:01:09.701) Context Switch Count 148 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff8801607ddd0 Current fffff8801607d5f0 Base fffff8801607e000 Limit fffff88016078000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1607d630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1607d770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1607d830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`1607d8c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`1607d970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`1607da40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`1607da90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`1607dbb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`1607dc40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1607dc40) 000000f2`776bf7d8 000007fe`f56c1ef5 user32!NtUserGetMessage+0xa 000000f2`776bf7e0 000007fe`f7ba9f50 user32!GetMessageW+0x25 000000f2`776bf810 000007fe`f7b74d49 combase!CDllHost::STAWorkerLoop+0x54 000000f2`776bf880 000007fe`f7b32218 combase!CDllHost::WorkerThread+0xc1 000000f2`776bf8c0 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 000000f2`776bfb30 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 000000f2`776bfb60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`776bfb90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80037d0b00 Cid 0314.0a2c Teb: 000007f6fa7a2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80036216b0 NotificationEvent fffffa80017d6f20 NotificationEvent IRP List: fffffa80031d0c80: (0006,01f0) Flags: 00060800 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15884 Ticks: 15725244 (2:20:08:35.378) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ncprov!CNCProvider::ConnectThreadProc (0x000007feeaf651dc) Stack Init fffff880163ebdd0 Current fffff880163eb180 Base fffff880163ec000 Limit fffff880163e6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800261ab00 Cid 0314.0a30 Teb: 000007f6fa7a0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800371d200 NotificationEvent fffffa8003fe9850 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15884 Ticks: 15725244 (2:20:08:35.378) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address NCObjAPI!CNamedPipeClient::ProviderReadyThreadProc (0x000007feed241470) Stack Init fffff8800316cdd0 Current fffff8800316c180 Base fffff8800316d000 Limit fffff88003167000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002624900 Cid 0314.0a34 Teb: 000007f6fa79e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037cac10 NotificationEvent fffffa80040559b0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15884 Ticks: 15725244 (2:20:08:35.378) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address NCObjAPI!CNamedPipeClient::ProviderReadyThreadProc (0x000007feed241470) Stack Init fffff88003173dd0 Current fffff88003173180 Base fffff88003174000 Limit fffff8800316e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003676080 Cid 0314.099c Teb: 000007f6fa812000 Win32Thread: fffff90100697950 WAIT: (UserRequest) UserMode Alertable fffffa80038ce280 SynchronizationTimer fffffa80038165f0 NotificationEvent fffffa80031e7a30 SynchronizationEvent IRP List: fffffa8003f07e10: (0006,01f0) Flags: 00060030 Mdl: 00000000 fffffa8003900d80: (0006,01f0) Flags: 00060030 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720270 Ticks: 20858 (0:00:05:25.386) Context Switch Count 5927 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.156 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88003181dd0 Current fffff88003181180 Base fffff88003182000 Limit fffff8800317c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`031811c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03181300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`031813c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`03181470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`03181980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`03181bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03181c40) 000000f2`74caf128 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`74caf130 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`74caf410 000007fe`ed15158f user32!MsgWaitForMultipleObjectsEx+0x144 000000f2`74caf4c0 000007fe`ed15b91f qmgr!CJobManager::TaskThread+0x4b 000000f2`74caf540 000007fe`ed140532 qmgr!InitQmgr+0x2cb 000000f2`74caf610 000007fe`ed13ff08 qmgr!BITSServiceMainProc+0x61a 000000f2`74caf750 000007f6`fb7a12f3 qmgr!BITSServiceMain+0xc 000000f2`74caf790 000007fe`f55d4ac5 svchost!ServiceStarter+0x36e 000000f2`74caf8e0 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 000000f2`74caf910 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`74caf940 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e11080 Cid 0314.0420 Teb: 000007f6fa80c000 Win32Thread: fffff901006f8710 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737701 Ticks: 3427 (0:00:00:53.461) Context Switch Count 2697 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.265 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015f72dd0 Current fffff88015f72760 Base fffff88015f73000 Limit fffff88015f6d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15f727a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15f728e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15f729a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15f72a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15f72ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15f72c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f72c40) 000000f2`7562f608 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f2`7562f610 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f2`7562f8b0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`7562f8e0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80037fab00 Cid 0314.0d10 Teb: 000007f6fa806000 Win32Thread: fffff9010066fb90 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject IRP List: fffffa8002d0f260: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741031 Ticks: 97 (0:00:00:01.513) Context Switch Count 8797 IdealProcessor: 0 UserTime 00:00:01.310 KernelTime 00:00:00.577 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150dfdd0 Current fffff880150df760 Base fffff880150e0000 Limit fffff880150da000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`150df7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150df8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`150df9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`150dfa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`150dfae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`150dfc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150dfc40) 000000f2`758cf7b8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f2`758cf7c0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f2`758cfa60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`758cfa90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8004048080 Cid 0314.04b8 Teb: 000007f6fa7e6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002187550 SynchronizationEvent fffffa8001f05860 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737670 Ticks: 3458 (0:00:00:53.945) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017525dd0 Current fffff88017525180 Base fffff88017526000 Limit fffff88017520000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`175251c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17525300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`175253c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17525470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17525980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17525bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17525c40) 000000f2`75def598 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`75def5a0 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`75def880 000007fe`f7ba9443 combase!WaitCoalesced+0x96 000000f2`75defad0 000007fe`f7ba966e combase!CDllHost::MTAWorkerLoop+0x53 000000f2`75defb20 000007fe`f7b32218 combase!CDllHost::WorkerThread+0x126 000000f2`75defb60 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 000000f2`75defdd0 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 000000f2`75defe00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`75defe30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020a4b00 Cid 0314.0bec Teb: 000007f6fa7dc000 Win32Thread: fffff901006e5710 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740262 Ticks: 866 (0:00:00:13.509) Context Switch Count 1061 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016596dd0 Current fffff88016596760 Base fffff88016597000 Limit fffff88016591000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`165967a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165968e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`165969a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16596a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`16596ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16596c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16596c40) 000000f2`761bfc88 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f2`761bfc90 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f2`761bff30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`761bff60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001dcb080 Cid 0314.0ae4 Teb: 000007f6fa7ba000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038b30c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679787 Ticks: 61341 (0:00:15:56.925) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880163f9dd0 Current fffff880163f9760 Base fffff880163fa000 Limit fffff880163f4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`163f97a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`163f98e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`163f99a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`163f9a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`163f9ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`163f9c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`163f9c40) 000000f2`763bf9a8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f2`763bf9b0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f2`763bfc50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`763bfc80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001cff080 Cid 0314.0298 Teb: 000007f6fa7c8000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8001cff428 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a000a23170 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680365 Ticks: 60763 (0:00:15:47.908) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SSDPAPI!GetNotificationLoop (0x000007feeef05c38) Stack Init fffff8801756bdd0 Current fffff8801756b660 Base fffff8801756c000 Limit fffff88017566000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1756b6a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1756b7e0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1756b8a0 fffff802`b3af1a0a nt!KeWaitForSingleObject+0x1cf fffff880`1756b930 fffff802`b3ebbbd6 nt!AlpcpSignalAndWait+0x34a fffff880`1756b9e0 fffff802`b3ebb762 nt!AlpcpReceiveSynchronousReply+0x46 fffff880`1756ba40 fffff802`b3ec19c2 nt!AlpcpProcessSynchronousRequest+0x350 fffff880`1756bb20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0x172 fffff880`1756bbd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1756bc40) 000000f2`7643f548 000007fe`f5beb3ef ntdll!NtAlpcSendWaitReceivePort+0xa 000000f2`7643f550 000007fe`f5cf6df2 RPCRT4!LRPC_CCALL::SendReceive+0x14f 000000f2`7643f630 000007fe`f5cf7d09 RPCRT4!NdrpClientCall3+0x725 000000f2`7643f980 000007fe`eef05cbb RPCRT4!NdrClientCall3+0xed 000000f2`7643fd10 000007fe`f601167e SSDPAPI!GetNotificationLoop+0x83 000000f2`7643fd80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`7643fdb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d8c080 Cid 0314.0bbc Teb: 000007f6fa94a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003253610 SynchronizationEvent fffffa8003782a30 NotificationEvent fffffa8003f099f0 SynchronizationEvent IRP List: fffffa80018966f0: (0006,01f0) Flags: 00040030 Mdl: 00000000 fffffa8002dd4210: (0006,01f0) Flags: 00040030 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739276 Ticks: 1852 (0:00:00:28.891) Context Switch Count 286 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.046 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880171cbdd0 Current fffff880171cb180 Base fffff880171cc000 Limit fffff880171c6000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Child-SP RetAddr Call Site fffff880`171cb1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171cb300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`171cb3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`171cb470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`171cb980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`171cbbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171cbc40) 000000f2`739ff948 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`739ff950 000007fe`e8da1568 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`739ffc30 000007fe`e8ddd6c7 wuaueng!CSusEventSystem::Run+0x25c 000000f2`739ffd00 000007f6`fb7a12f3 wuaueng!ServiceMain+0x1f7 000000f2`739ffd70 000007fe`f55d4ac5 svchost!ServiceStarter+0x36e 000000f2`739ffec0 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 000000f2`739ffef0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`739fff20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001cd4080 Cid 0314.0ce4 Teb: 000007f6fa947000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037a8250 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15717753 Ticks: 23375 (0:00:06:04.652) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88016110dd0 Current fffff88016110900 Base fffff88016111000 Limit fffff8801610b000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`16110940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16110a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16110b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`16110bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`16110c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16110c40) 000000f2`74faf728 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 000000f2`74faf730 000007fe`eefff5ca KERNELBASE!WaitForSingleObjectEx+0x92 000000f2`74faf7d0 000007fe`eefff8d1 ESENT!OSSYNC::CSemaphore::_FAcquire+0x102 000000f2`74faf850 000007fe`ef04ad45 ESENT!IOMgrIOPatrolDogThread+0x61 000000f2`74faf8e0 000007fe`f601167e ESENT!UtilThreadIThreadBase+0x21 000000f2`74faf920 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`74faf950 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e76080 Cid 0314.0c68 Teb: 000007f6fa81c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001ccea80 SynchronizationEvent fffffa8002d31cc0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15717492 Ticks: 23636 (0:00:06:08.723) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff8801546add0 Current fffff8801546a180 Base fffff8801546b000 Limit fffff88015465000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1546a1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1546a300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1546a3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1546a470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1546a980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1546abd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1546ac40) 000000f2`7512f858 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`7512f860 000007fe`ef0535b6 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`7512fb40 000007fe`ef04ad45 ESENT!UtilPerfThread+0xc6 000000f2`7512fc50 000007fe`f601167e ESENT!UtilThreadIThreadBase+0x21 000000f2`7512fc90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`7512fcc0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800360fb00 Cid 0314.08a4 Teb: 000007f6fa81a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8001c94e40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733523 Ticks: 7605 (0:00:01:58.638) Context Switch Count 222 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880171eedd0 Current fffff880171ee7a0 Base fffff880171ef000 Limit fffff880171e9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`171ee7e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171ee920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`171ee9e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`171eea90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`171eeb20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`171eebd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171eec40) 000000f2`755af718 000007fe`f4fd36ad ntdll!NtRemoveIoCompletion+0xa 000000f2`755af720 000007fe`f6011962 KERNELBASE!GetQueuedCompletionStatus+0x39 000000f2`755af780 000007fe`ef0068cc KERNEL32!GetQueuedCompletionStatusStub+0x12 000000f2`755af7c0 000007fe`ef04ad91 ESENT!CTaskManager::TMIDispatch+0x11c 000000f2`755af860 000007fe`ef04ad45 ESENT!CTaskManager::TMDispatch+0x11 000000f2`755af890 000007fe`f601167e ESENT!UtilThreadIThreadBase+0x21 000000f2`755af8d0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`755af900 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d2ab00 Cid 0314.0adc Teb: 000007f6fa7fe000 Win32Thread: fffff901006f2010 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa8001ed4250 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739276 Ticks: 1852 (0:00:00:28.891) Context Switch Count 6051 IdealProcessor: 0 UserTime 00:00:00.296 KernelTime 00:00:02.776 Win32 Start Address wuaueng!CWorkItemManager::ExecuteWorkItemWrapper (0x000007fee8da1de0) Stack Init fffff88015f80dd0 Current fffff88015f80180 Base fffff88015f81000 Limit fffff88015f7b000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Child-SP RetAddr Call Site fffff880`15f801c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15f80300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`15f803c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15f80470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15f80980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15f80bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f80c40) 000000f2`7703f3d8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`7703f3e0 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`7703f6c0 000007fe`e8da1ebb KERNEL32!WaitForMultipleObjects+0x12 000000f2`7703f700 000007fe`e8da1dfc wuaueng!CWorkItemManager::WaitForWorkItem+0x8b 000000f2`7703f770 000007fe`f601167e wuaueng!CWorkItemManager::ExecuteWorkItemWrapper+0x1c 000000f2`7703f7a0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`7703f7d0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80040265c0 Cid 0314.0a44 Teb: 000007f6fa7fa000 Win32Thread: fffff901006fe5a0 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa80033fee50 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733525 Ticks: 7603 (0:00:01:58.607) Context Switch Count 5581 IdealProcessor: 0 UserTime 00:00:01.482 KernelTime 00:00:00.592 Win32 Start Address wuaueng!CWorkItemManager::ExecuteWorkItemWrapper (0x000007fee8da1de0) Stack Init fffff880171a3dd0 Current fffff880171a3180 Base fffff880171a4000 Limit fffff8801719e000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`171a31c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171a3300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`171a33c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`171a3470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`171a3980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`171a3bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171a3c40) 000000f2`770bf948 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`770bf950 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`770bfc30 000007fe`e8da1ebb KERNEL32!WaitForMultipleObjects+0x12 000000f2`770bfc70 000007fe`e8da1dfc wuaueng!CWorkItemManager::WaitForWorkItem+0x8b 000000f2`770bfce0 000007fe`f601167e wuaueng!CWorkItemManager::ExecuteWorkItemWrapper+0x1c 000000f2`770bfd10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`770bfd40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f51b00 Cid 0314.0414 Teb: 000007f6fa810000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa8001ec8bd0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739276 Ticks: 1852 (0:00:00:28.891) Context Switch Count 194 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address wuaueng!CWorkItemManager::ExecuteWorkItemWrapper (0x000007fee8da1de0) Stack Init fffff88017371dd0 Current fffff88017371180 Base fffff88017372000 Limit fffff8801736c000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Child-SP RetAddr Call Site fffff880`173711c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17371300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`173713c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17371470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17371980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17371bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17371c40) 000000f2`0c21fb38 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`0c21fb40 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`0c21fe20 000007fe`e8da1ebb KERNEL32!WaitForMultipleObjects+0x12 000000f2`0c21fe60 000007fe`e8da1dfc wuaueng!CWorkItemManager::WaitForWorkItem+0x8b 000000f2`0c21fed0 000007fe`f601167e wuaueng!CWorkItemManager::ExecuteWorkItemWrapper+0x1c 000000f2`0c21ff00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`0c21ff30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002053b00 Cid 0314.0780 Teb: 000007f6fa7e8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80031a7180 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15718905 Ticks: 22223 (0:00:05:46.681) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017515dd0 Current fffff88017515760 Base fffff88017516000 Limit fffff88017510000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`175157a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175158e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`175159a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17515a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17515ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17515c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17515c40) 000000f2`0c6cfb28 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f2`0c6cfb30 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f2`0c6cfdd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`0c6cfe00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002cc9240 Cid 0314.049c Teb: 000007f6fa7de000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa8003794150 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15722755 Ticks: 18373 (0:00:04:46.620) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address wuaueng!CWorkItemManager::ExecuteWorkItemWrapper (0x000007fee8da1de0) Stack Init fffff88014e7ddd0 Current fffff88014e7d180 Base fffff88014e7e000 Limit fffff88014e78000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14e7d1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14e7d300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14e7d3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14e7d470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14e7d980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14e7dbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e7dc40) 000000f2`0c3ff9a8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`0c3ff9b0 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`0c3ffc90 000007fe`e8da1ebb KERNEL32!WaitForMultipleObjects+0x12 000000f2`0c3ffcd0 000007fe`e8da1dfc wuaueng!CWorkItemManager::WaitForWorkItem+0x8b 000000f2`0c3ffd40 000007fe`f601167e wuaueng!CWorkItemManager::ExecuteWorkItemWrapper+0x1c 000000f2`0c3ffd70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`0c3ffda0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d3c300 Cid 0314.0e68 Teb: 000007f6fa7d8000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002d3c6a8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720344 Ticks: 20784 (0:00:05:24.232) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address aelupsvc!AhcpProcessLPCCalls (0x000007fee8b810f0) Stack Init fffff8801511edd0 Current fffff8801511e750 Base fffff8801511f000 Limit fffff88015119000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1511e790 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1511e8d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1511e990 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`1511ea20 fffff802`b3eb9bd4 nt!AlpcpReceiveMessagePort+0x380 fffff880`1511ea90 fffff802`b3ec1949 nt!AlpcpReceiveMessage+0x2e2 fffff880`1511eb20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`1511ebd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1511ec40) 000000f2`0c8cfba8 000007fe`e8b81243 ntdll!NtAlpcSendWaitReceivePort+0xa 000000f2`0c8cfbb0 000007fe`f601167e aelupsvc!AhcpProcessLPCCalls+0x159 000000f2`0c8cfcc0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`0c8cfcf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d80240 Cid 0314.076c Teb: 000007f6fa7da000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800361db00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720345 Ticks: 20783 (0:00:05:24.216) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150f4dd0 Current fffff880150f4760 Base fffff880150f5000 Limit fffff880150ef000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`150f47a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150f48e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`150f49a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`150f4a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`150f4ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`150f4c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150f4c40) 000000f2`0c84f658 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f2`0c84f660 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f2`0c84f900 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`0c84f930 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800365a980 Cid 0314.0a60 Teb: 000007f6fa80a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741031 Ticks: 97 (0:00:00:01.513) Context Switch Count 75 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801519cdd0 Current fffff8801519c760 Base fffff8801519d000 Limit fffff88015197000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1519c7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1519c8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1519c9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1519ca50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1519cae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1519cc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1519cc40) 000000f2`0d6bf9f8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f2`0d6bfa00 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f2`0d6bfca0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`0d6bfcd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002105680 Cid 0314.0fc4 Teb: 000007f6fa80e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d59110 Semaphore Limit 0x7fffffff fffffa800319ccd0 Mutant - owning thread 0 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739275 Ticks: 1853 (0:00:00:28.906) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address qmgr!TaskScheduler::WorkGroupWorkerThunk (0x000007feed178004) Stack Init fffff88015422dd0 Current fffff88015421ee0 Base fffff88015423000 Limit fffff8801541d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15421f20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15422060 fffff802`b3ab33db nt!KiCommitThreadWait+0x23c fffff880`15422120 fffff802`b3b29620 nt!KiWaitForAllObjects+0x3bb fffff880`154223c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x4ae fffff880`15422470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15422980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15422bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15422c40) 000000f2`0c34f5f8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f2`0c34f600 000007fe`ed17826f KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f2`0c34f8e0 000007fe`ed17800d qmgr!TaskScheduler::WorkGroupWorker+0x21f 000000f2`0c34fa10 000007fe`f601167e qmgr!TaskScheduler::WorkGroupWorkerThunk+0x9 000000f2`0c34fa50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f2`0c34fa80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa80037e9940 SessionId: 0 Cid: 0360 Peb: 7f6fa7ef000 ParentCid: 0220 DirBase: 332b5000 ObjectTable: fffff8a002536040 HandleCount: Image: svchost.exe VadRoot fffffa8003f0a880 Vads 163 Clone 0 Private 1535. Modified 327. Locked 115. DeviceMap fffff8a002487200 Token fffff8a0024f5630 ElapsedTime 2 Days 20:10:48.462 UserTime 00:00:00.405 KernelTime 00:00:00.592 QuotaPoolUsage[PagedPool] 207056 QuotaPoolUsage[NonPagedPool] 38400 Working Set Sizes (now,min,max) (4072, 50, 345) (16288KB, 200KB, 1380KB) PeakWorkingSetSize 4211 VirtualSize 101 Mb PeakVirtualSize 109 Mb PageFaultCount 7783 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1993 Setting context for this process... .process /p /r fffffa80037e9940 THREAD fffffa80037a2b00 Cid 0360.0364 Teb: 000007f6fa7ed000 Win32Thread: fffff90100659290 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037d9820 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 70 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880151bfdd0 Current fffff880151bf900 Base fffff880151c0000 Limit fffff880151ba000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`151bf940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`151bfa80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`151bfb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`151bfbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`151bfc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151bfc40) 0000002b`5065f778 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000002b`5065f780 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 0000002b`5065f820 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 0000002b`5065f960 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 0000002b`5065fa60 000007f6`fb7a2187 sechost!StartServiceCtrlDispatcherW+0x54 0000002b`5065faa0 000007f6`fb7a2742 svchost!wmain+0x269 0000002b`5065faf0 000007fe`f601167e svchost!_wmainCRTStartup+0x74 0000002b`5065fb20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`5065fb50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003812080 Cid 0360.0378 Teb: 000007f6fa7e3000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d3b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15690529 Ticks: 50599 (0:00:13:09.349) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880151c6dd0 Current fffff880151c6760 Base fffff880151c7000 Limit fffff880151c1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`151c67a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`151c68e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`151c69a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`151c6a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`151c6ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`151c6c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151c6c40) 0000002b`511efc38 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`511efc40 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`511efee0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`511eff10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800389e080 Cid 0360.0138 Teb: 000007f6fa6be000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80038a07a0 NotificationEvent fffffa80038aa500 SynchronizationEvent fffffa800389e600 NotificationEvent fffffa80038a91a8 NotificationEvent IRP List: fffffa800389cc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 8883 Ticks: 15732245 (2:20:10:24.594) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address fntcache!SystemFontCollectionMonitor::ThreadProc (0x000007fef12a3b00) Stack Init fffff8801549bdd0 Current fffff8801549b180 Base fffff8801549c000 Limit fffff88015496000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800389fb00 Cid 0360.0144 Teb: 000007f6fa6bc000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa800389fea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737843 Ticks: 3285 (0:00:00:51.246) Context Switch Count 349 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address fntcache!FontCacheServiceInstance::IpcThreadProc (0x000007fef12a48fc) Stack Init fffff88015494dd0 Current fffff88015494750 Base fffff88015495000 Limit fffff8801548f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15494790 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`154948d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15494990 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`15494a20 fffff802`b3eb9bd4 nt!AlpcpReceiveMessagePort+0x380 fffff880`15494a90 fffff802`b3ec1949 nt!AlpcpReceiveMessage+0x2e2 fffff880`15494b20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`15494bd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15494c40) 0000002b`513ef5c8 000007fe`f12510f0 ntdll!NtAlpcSendWaitReceivePort+0xa 0000002b`513ef5d0 000007fe`f125123e fntcache!AlpcServer::ProcessMessage+0x90 0000002b`513ef670 000007fe`f12a494a fntcache!AlpcServer::Run+0x6a 0000002b`513ef760 000007fe`f12a4913 fntcache!FontCacheServiceInstance::RunIpc+0x1a 0000002b`513ef7a0 000007fe`f601167e fntcache!FontCacheServiceInstance::IpcThreadProc+0x17 0000002b`513ef7e0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`513ef810 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003d8d7c0 Cid 0360.0658 Teb: 000007f6fa6b8000 Win32Thread: fffff90100691710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800364ee80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15735040 Ticks: 6088 (0:00:01:34.973) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address es!Notifier::NotifyThread::ThreadMain (0x000007fef35a06d0) Stack Init fffff88015e5add0 Current fffff88015e5a900 Base fffff88015e5b000 Limit fffff88015e55000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15e5a940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e5aa80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15e5ab40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`15e5abd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`15e5ac40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e5ac40) 0000002b`52e6f178 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000002b`52e6f180 000007fe`f3571044 KERNELBASE!WaitForSingleObjectEx+0x92 0000002b`52e6f220 000007fe`f35a0787 es!Notifier::NotifyThread::NotifyLoop+0x41 0000002b`52e6f290 000007fe`f7bb1f89 es!Notifier::NotifyThread::ContextCallBack+0x17 0000002b`52e6f2c0 000007fe`f7bb1d39 combase!EnterForCallback+0x1b9 0000002b`52e6f3f0 000007fe`f7b95ffd combase!SwitchForCallback+0x24c 0000002b`52e6f660 000007fe`f7b662cf combase!PerformCallback+0xe5 0000002b`52e6f6c0 000007fe`f7ba2f5c combase!CObjectContext::InternalContextCallback+0x13b 0000002b`52e6f7d0 000007fe`f7ba317d combase!CObjectContext::ContextCallback+0xb8 0000002b`52e6f860 000007fe`f35a073e combase!CContextSwitcher::ContextCallback+0x6d 0000002b`52e6f8a0 000007fe`f601167e es!Notifier::NotifyThread::ThreadMain+0x6e 0000002b`52e6f8f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`52e6f920 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e8bb00 Cid 0360.0760 Teb: 000007f6fa6b2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e0ea40 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12613 Ticks: 15728515 (2:20:09:26.406) Context Switch Count 9 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015f9cdd0 Current fffff88015f9c900 Base fffff88015f9d000 Limit fffff88015f97000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea4080 Cid 0360.0774 Teb: 000007f6fa6b0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003df5b50 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12800 Ticks: 15728328 (2:20:09:23.489) Context Switch Count 57 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015fc6dd0 Current fffff88015fc6900 Base fffff88015fc7000 Limit fffff88015fc1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ec02c0 Cid 0360.07c0 Teb: 000007f6fa6ae000 Win32Thread: fffff901006a3b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80030bf470 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12914 Ticks: 15728214 (2:20:09:21.710) Context Switch Count 58 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!NetProfileManStartStopThread (0x000007feedb96d5c) Stack Init fffff88016022dd0 Current fffff88016022900 Base fffff88016023000 Limit fffff8801601d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ee6b00 Cid 0360.07d8 Teb: 000007f6fa6a8000 Win32Thread: fffff9010069f610 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003eea260 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679963 Ticks: 61165 (0:00:15:54.180) Context Switch Count 586 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::EventMgrThreadProc (0x000007feedb859ec) Stack Init fffff88016029dd0 Current fffff880160295f0 Base fffff8801602a000 Limit fffff88016024000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`16029630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16029770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16029830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`160298c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`16029970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`16029a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`16029a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`16029bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`16029c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16029c40) 0000002b`5336fa78 000007fe`f56c1ef5 user32!NtUserGetMessage+0xa 0000002b`5336fa80 000007fe`edb85aa4 user32!GetMessageW+0x25 0000002b`5336fab0 000007fe`f601167e netprofmsvc!CImplINetworkListManager::EventMgrThreadProc+0x2d8 0000002b`5336fb70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`5336fba0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f02b00 Cid 0360.0424 Teb: 000007f6fa6a6000 Win32Thread: fffff901006abb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc7ca0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15732248 Ticks: 8880 (0:00:02:18.528) Context Switch Count 364 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::IpHlpEventMgrThreadProc (0x000007feedb86564) Stack Init fffff880160a7dd0 Current fffff880160a7900 Base fffff880160a8000 Limit fffff880160a2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`160a7940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`160a7a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`160a7b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`160a7bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`160a7c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160a7c40) 0000002b`533ff678 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000002b`533ff680 000007fe`edb86601 KERNELBASE!WaitForSingleObjectEx+0x92 0000002b`533ff720 000007fe`f601167e netprofmsvc!CImplINetworkListManager::IpHlpEventMgrThreadProc+0xbf 0000002b`533ff790 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`533ff7c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e01080 Cid 0360.0498 Teb: 000007f6fa6a4000 Win32Thread: fffff901006a5290 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003eea150 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679963 Ticks: 61165 (0:00:15:54.180) Context Switch Count 58 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::NetworkEventAggregatorThreadProc (0x000007feedb85f9c) Stack Init fffff880160aedd0 Current fffff880160ae900 Base fffff880160af000 Limit fffff880160a9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`160ae940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`160aea80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`160aeb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`160aebd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`160aec40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160aec40) 0000002b`5347fcc8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000002b`5347fcd0 000007fe`edb86026 KERNELBASE!WaitForSingleObjectEx+0x92 0000002b`5347fd70 000007fe`f601167e netprofmsvc!CImplINetworkListManager::NetworkEventAggregatorThreadProc+0xac 0000002b`5347fdd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`5347fe00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e01700 Cid 0360.04a4 Teb: 000007f6fa6a2000 Win32Thread: fffff901006a5710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f029f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738591 Ticks: 2537 (0:00:00:39.577) Context Switch Count 83 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::FirewallEventMgrThreadProc (0x000007feedb94274) Stack Init fffff880160b5dd0 Current fffff880160b5900 Base fffff880160b6000 Limit fffff880160b0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`160b5940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`160b5a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`160b5b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`160b5bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`160b5c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160b5c40) 0000002b`534ff7e8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000002b`534ff7f0 000007fe`edb942f4 KERNELBASE!WaitForSingleObjectEx+0x92 0000002b`534ff890 000007fe`f601167e netprofmsvc!CImplINetworkListManager::FirewallEventMgrThreadProc+0x9a 0000002b`534ff8e0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`534ff910 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f19b00 Cid 0360.0548 Teb: 000007f6fa69c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003ef53f0 NotificationEvent fffffa8003ef5200 SynchronizationTimer Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12800 Ticks: 15728328 (2:20:09:23.489) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address bthserv!BthServAsyncThread (0x000007feeda358dc) Stack Init fffff880160d8dd0 Current fffff880160d8180 Base fffff880160d9000 Limit fffff880160d3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f4bb00 Cid 0360.04ac Teb: 000007f6fa69e000 Win32Thread: fffff901006ab710 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003f49f60 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679441 Ticks: 61687 (0:00:16:02.323) Context Switch Count 753 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::EventWorkerThreadProc (0x000007feedb896d0) Stack Init fffff88016164dd0 Current fffff880161645f0 Base fffff88016165000 Limit fffff8801615f000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`16164630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16164770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16164830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`161648c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`16164970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`16164a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`16164a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`16164bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`16164c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16164c40) 0000002b`5369f758 000007fe`f56c1ef5 user32!NtUserGetMessage+0xa 0000002b`5369f760 000007fe`edb8977c user32!GetMessageW+0x25 0000002b`5369f790 000007fe`f601167e netprofmsvc!CImplINetworkListManager::EventWorkerThreadProc+0xb9 0000002b`5369f820 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`5369f850 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d58080 Cid 0360.0ae0 Teb: 000007f6fa6b4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800374e740 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15734670 Ticks: 6458 (0:00:01:40.745) Context Switch Count 36 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address es!TransientSubChecker::CheckerThread::ThreadMain (0x000007fef359f270) Stack Init fffff8801604cdd0 Current fffff8801604c900 Base fffff8801604d000 Limit fffff88016047000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1604c940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1604ca80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1604cb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`1604cbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`1604cc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1604cc40) 0000002b`52f6fd38 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000002b`52f6fd40 000007fe`f359e8a4 KERNELBASE!WaitForSingleObjectEx+0x92 0000002b`52f6fde0 000007fe`f359f295 es!TransientSubChecker::CheckerThread::CheckerLoop+0x41 0000002b`52f6fe50 000007fe`f601167e es!TransientSubChecker::CheckerThread::ThreadMain+0x25 0000002b`52f6fe80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`52f6feb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001f2b080 Cid 0360.03c0 Teb: 000007f6fa694000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80039e0bc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679738 Ticks: 61390 (0:00:15:57.690) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161fedd0 Current fffff880161fe760 Base fffff880161ff000 Limit fffff880161f9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`161fe7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`161fe8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`161fe9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`161fea50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`161feae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`161fec40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161fec40) 0000002b`53aaf5d8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`53aaf5e0 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`53aaf880 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`53aaf8b0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800400b080 Cid 0360.0934 Teb: 000007f6fa67e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003868500 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679686 Ticks: 61442 (0:00:15:58.501) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801750edd0 Current fffff8801750e760 Base fffff8801750f000 Limit fffff88017509000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1750e7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1750e8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1750e9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1750ea50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1750eae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1750ec40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1750ec40) 0000002b`54a0f958 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`54a0f960 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`54a0fc00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`54a0fc30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002788740 Cid 0360.029c Teb: 000007f6fa67c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001ddac40 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679735 Ticks: 61393 (0:00:15:57.736) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017109dd0 Current fffff88017109760 Base fffff8801710a000 Limit fffff88017104000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`171097a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171098e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`171099a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17109a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17109ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17109c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17109c40) 0000002b`54a8f6a8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`54a8f6b0 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`54a8f950 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`54a8f980 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c6c080 Cid 0360.0d30 Teb: 000007f6fa67a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036ed940 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679696 Ticks: 61432 (0:00:15:58.345) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017037dd0 Current fffff88017037760 Base fffff88017038000 Limit fffff88017032000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`170377a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170378e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`170379a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17037a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17037ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17037c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17037c40) 0000002b`54b0f818 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`54b0f820 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`54b0fac0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`54b0faf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f68080 Cid 0360.08c8 Teb: 000007f6fa678000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800180aa00 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679706 Ticks: 61422 (0:00:15:58.189) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880163e4dd0 Current fffff880163e4760 Base fffff880163e5000 Limit fffff880163df000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`163e47a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`163e48e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`163e49a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`163e4a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`163e4ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`163e4c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`163e4c40) 0000002b`54b8fb88 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`54b8fb90 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`54b8fe30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`54b8fe60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f20800 Cid 0360.03cc Teb: 000007f6fa676000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003fb1080 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680337 Ticks: 60791 (0:00:15:48.345) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016262dd0 Current fffff88016262760 Base fffff88016263000 Limit fffff8801625d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`162627a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`162628e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`162629a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16262a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`16262ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16262c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16262c40) 0000002b`54c0f728 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`54c0f730 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`54c0f9d0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`54c0fa00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80038159c0 Cid 0360.0628 Teb: 000007f6fa668000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8004001280 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679738 Ticks: 61390 (0:00:15:57.690) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801544cdd0 Current fffff8801544c760 Base fffff8801544d000 Limit fffff88015447000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1544c7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1544c8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1544c9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1544ca50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1544cae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1544cc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1544cc40) 0000002b`54f8fb18 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`54f8fb20 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`54f8fdc0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`54f8fdf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003793080 Cid 0360.0ddc Teb: 000007f6fa6ba000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740467 Ticks: 661 (0:00:00:10.311) Context Switch Count 860 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015068dd0 Current fffff88015068760 Base fffff88015069000 Limit fffff88015063000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`150687a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150688e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`150689a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15068a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15068ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15068c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15068c40) 0000002b`5361f988 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`5361f990 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`5361fc30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`5361fc60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002156080 Cid 0360.09ac Teb: 000007f6fa7e9000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 70 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170f4dd0 Current fffff880170f4760 Base fffff880170f5000 Limit fffff880170ef000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`170f47a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170f48e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`170f49a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`170f4a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`170f4ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`170f4c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170f4c40) 0000002b`50d8fb08 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`50d8fb10 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`50d8fdb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`50d8fde0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018c29c0 Cid 0360.06a0 Teb: 000007f6fa7e5000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 209 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017394dd0 Current fffff88017394760 Base fffff88017395000 Limit fffff8801738f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`173947a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`173948e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`173949a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17394a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17394ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17394c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17394c40) 0000002b`52d6f788 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`52d6f790 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`52d6fa30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`52d6fa60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020cab00 Cid 0360.0614 Teb: 000007f6fa7eb000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733831 Ticks: 7297 (0:00:01:53.833) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174ebdd0 Current fffff880174eb760 Base fffff880174ec000 Limit fffff880174e6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`174eb7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174eb8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`174eb9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`174eba50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`174ebae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`174ebc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174ebc40) 0000002b`509bfc88 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`509bfc90 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`509bff30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`509bff60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80033d8080 Cid 0360.0940 Teb: 000007f6fa7e7000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 246 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801659ddd0 Current fffff8801659d760 Base fffff8801659e000 Limit fffff88016598000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1659d7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1659d8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1659d9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1659da50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1659dae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1659dc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1659dc40) 0000002b`5116f858 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002b`5116f860 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002b`5116fb00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002b`5116fb30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8003879940 SessionId: 0 Cid: 03f0 Peb: 7f6fad89000 ParentCid: 0220 DirBase: 3584e000 ObjectTable: fffff8a002669480 HandleCount: Image: svchost.exe VadRoot fffffa8003873c30 Vads 236 Clone 0 Private 9637. Modified 3929. Locked 5. DeviceMap fffff8a00000c340 Token fffff8a00267f060 ElapsedTime 2 Days 20:10:35.467 UserTime 00:00:02.527 KernelTime 00:00:08.970 QuotaPoolUsage[PagedPool] 198216 QuotaPoolUsage[NonPagedPool] 36304 Working Set Sizes (now,min,max) (13295, 50, 345) (53180KB, 200KB, 1380KB) PeakWorkingSetSize 13943 VirtualSize 4220 Mb PeakVirtualSize 4262 Mb PageFaultCount 64474 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 12699 Setting context for this process... .process /p /r fffffa8003879940 THREAD fffffa80038999c0 Cid 03f0.03f4 Teb: 000007f6fad8e000 Win32Thread: fffff90100665710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800389a8e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 234 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88015471dd0 Current fffff88015471900 Base fffff88015472000 Limit fffff8801546c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15471940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15471a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15471b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`15471bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`15471c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15471c40) 0000006f`45abf898 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000006f`45abf8a0 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 0000006f`45abf940 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 0000006f`45abfa80 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 0000006f`45abfb80 000007f6`fb7a2187 sechost!StartServiceCtrlDispatcherW+0x54 0000006f`45abfbc0 000007f6`fb7a2742 svchost!wmain+0x269 0000006f`45abfc10 000007fe`f601167e svchost!_wmainCRTStartup+0x74 0000006f`45abfc40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`45abfc70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80038adb00 Cid 03f0.018c Teb: 000007f6fad87000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa800388ab80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 8985 Ticks: 15732143 (2:20:10:23.003) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address audioendpointbuilder!EventWorkerThread (0x000007fef2e7b224) Stack Init fffff8801543edd0 Current fffff8801543e7a0 Base fffff8801543f000 Limit fffff88015439000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038acb00 Cid 03f0.021c Teb: 000007f6fac5e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038be640 QueueObject IRP List: fffffa8001ca9c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736102 Ticks: 5026 (0:00:01:18.406) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880154c5dd0 Current fffff880154c5760 Base fffff880154c6000 Limit fffff880154c0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`154c57a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`154c58e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`154c59a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`154c5a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`154c5ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`154c5c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154c5c40) 0000006f`466ef888 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000006f`466ef890 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000006f`466efb30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`466efb60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80038ca080 Cid 03f0.014c Teb: 000007f6fad85000 Win32Thread: fffff901006a5b90 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject IRP List: fffffa8003735810: (0006,03e8) Flags: 00060800 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736541 Ticks: 4587 (0:00:01:11.557) Context Switch Count 797 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880154bedd0 Current fffff880154be760 Base fffff880154bf000 Limit fffff880154b9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`154be7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`154be8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`154be9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`154bea50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`154beae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`154bec40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154bec40) 0000006f`465bf5f8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000006f`465bf600 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000006f`465bf8a0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`465bf8d0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003965b00 Cid 03f0.0380 Teb: 000007f6fac5c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003950d30 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9544 Ticks: 15731584 (2:20:10:14.283) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8801553bdd0 Current fffff8801553b900 Base fffff8801553c000 Limit fffff88015536000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800397e080 Cid 03f0.022c Teb: 000007f6fac58000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003951970 SynchronizationEvent fffffa8003921600 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9559 Ticks: 15731569 (2:20:10:14.049) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlgpclnt!MainGPAProc (0x000007fef0425d98) Stack Init fffff88015581dd0 Current fffff88015581180 Base fffff88015582000 Limit fffff8801557c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003984b00 Cid 03f0.0410 Teb: 000007f6fac54000 Win32Thread: fffff901006f4b90 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 1324 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155abdd0 Current fffff880155ab760 Base fffff880155ac000 Limit fffff880155a6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`155ab7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`155ab8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`155ab9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`155aba50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`155abae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`155abc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155abc40) 0000006f`46fff528 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000006f`46fff530 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000006f`46fff7d0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`46fff800 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003918800 Cid 03f0.042c Teb: 000007f6fac50000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003943060 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9690 Ticks: 15731438 (2:20:10:12.005) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff880155cedd0 Current fffff880155ce900 Base fffff880155cf000 Limit fffff880155c9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039aa080 Cid 03f0.0590 Teb: 000007f6fac56000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ba55d0 NotificationEvent fffffa800181aa50 NotificationEvent fffffa8003dbcfe0 NotificationEvent fffffa8003bf5190 SynchronizationTimer fffffa80018106e0 SynchronizationEvent fffffa8003f98600 SynchronizationEvent fffffa8001837060 SynchronizationEvent fffffa800184ea70 SynchronizationEvent fffffa8003f747e0 SynchronizationEvent fffffa80040693e0 NotificationEvent Impersonation token: fffff8a0027cf060 (Level Impersonation) Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741043 Ticks: 85 (0:00:00:01.326) Context Switch Count 10373 IdealProcessor: 0 UserTime 00:00:12.604 KernelTime 00:00:05.553 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014fdbdd0 Current fffff88014fdb180 Base fffff88014fdc000 Limit fffff88014fd6000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14fdb1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14fdb300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14fdb3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14fdb470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14fdb980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14fdbbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14fdbc40) 0000006f`46f7e2c8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 0000006f`46f7e2d0 000007fe`eeca1aee KERNELBASE!WaitForMultipleObjectsEx+0xe5 0000006f`46f7e5b0 000007fe`eecfffbf sysmain!PfSvcMainThreadWorker+0xa88 0000006f`46f7fbd0 000007fe`eecfff57 sysmain!PfSvcMainThread+0x4b 0000006f`46f7fc10 000007f6`fb7a12f3 sysmain!SysMtServiceMain+0xdf 0000006f`46f7fc60 000007fe`f55d4ac5 svchost!ServiceStarter+0x36e 0000006f`46f7fdb0 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 0000006f`46f7fde0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`46f7fe10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80039b1080 Cid 03f0.05a4 Teb: 000007f6fac48000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800399a8c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10746 Ticks: 15730382 (2:20:09:55.531) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014fe9dd0 Current fffff88014fe9760 Base fffff88014fea000 Limit fffff88014fe4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039a7a00 Cid 03f0.05a8 Teb: 000007f6fac46000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039a5fe0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10745 Ticks: 15730383 (2:20:09:55.547) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pcasvc!UfhpShortcutListenerThread (0x000007feef47ba00) Stack Init fffff88014fe2dd0 Current fffff88014fe2900 Base fffff88014fe3000 Limit fffff88014fdd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea3b00 Cid 03f0.077c Teb: 000007f6fac4c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ea6b00 Thread Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12544 Ticks: 15728584 (2:20:09:27.482) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015fcddd0 Current fffff88015fcd900 Base fffff88015fce000 Limit fffff88015fc8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea6b00 Cid 03f0.078c Teb: 000007f6fac44000 Win32Thread: fffff901006953a0 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003e1b340 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680787 Ticks: 60341 (0:00:15:41.325) Context Switch Count 111 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidServMain (0x000007feedec1d44) Stack Init fffff88015fb1dd0 Current fffff88015fb15f0 Base fffff88015fb2000 Limit fffff88015fac000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15fb1630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15fb1770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15fb1830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`15fb18c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`15fb1970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`15fb1a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`15fb1a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`15fb1bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`15fb1c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15fb1c40) 00000070`4767f6b8 000007fe`f56c1ef5 user32!NtUserGetMessage+0xa 00000070`4767f6c0 000007fe`edec21bd user32!GetMessageW+0x25 00000070`4767f6f0 000007fe`f601167e hidserv!HidServMain+0x479 00000070`4767f830 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`4767f860 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003eac440 Cid 03f0.0794 Teb: 000007f6fac40000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003683360 NotificationEvent fffffa8003e3ac70 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12544 Ticks: 15728584 (2:20:09:27.482) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidThreadInputProc (0x000007feedec22c4) Stack Init fffff88015fe2dd0 Current fffff88015fe2180 Base fffff88015fe3000 Limit fffff88015fdd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f935c0 Cid 03f0.0788 Teb: 000007f6fac4e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800394a700 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 14894 Ticks: 15726234 (2:20:08:50.822) Context Switch Count 67 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015fa3dd0 Current fffff88015fa3900 Base fffff88015fa4000 Limit fffff88015f9e000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80027b9080 Cid 03f0.090c Teb: 000007f6fac32000 Win32Thread: fffff901006a7b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80027835e0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681099 Ticks: 60029 (0:00:15:36.458) Context Switch Count 21 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016357dd0 Current fffff88016357900 Base fffff88016358000 Limit fffff88016352000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`16357940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16357a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16357b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`16357bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`16357c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16357c40) 00000070`47fefaf8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000070`47fefb00 000007fe`f0f82e0a KERNELBASE!WaitForSingleObjectEx+0x92 00000070`47fefba0 000007fe`f2ef410c shacct!CLocalAccounts::_NotifyThreadProc+0x3e 00000070`47fefbd0 000007fe`f601167e shcore!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000070`47fefcc0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`47fefcf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003ef2b00 Cid 03f0.09b4 Teb: 000007f6fac2e000 Win32Thread: fffff901001ea820 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040e4c70 NotificationEvent fffffa8003f918f0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681386 Ticks: 59742 (0:00:15:31.981) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016270dd0 Current fffff88016270180 Base fffff88016271000 Limit fffff8801626b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`162701c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16270300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`162703c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16270470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16270980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16270bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16270c40) 00000070`4835f478 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000070`4835f480 000007fe`f7b69bc8 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000070`4835f760 000007fe`f7b69b62 combase!DefaultWaitForHandles+0x44 00000070`4835f7a0 000007fe`f1f1338c combase!CoWaitForMultipleHandles+0xda 00000070`4835f7e0 000007fe`f2ef410c listsvc!HostedListenerThreadProc+0x120 00000070`4835f880 000007fe`f601167e shcore!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000070`4835f970 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`4835f9a0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80038e9b00 Cid 03f0.09b8 Teb: 000007f6fac2c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f91360 NotificationEvent fffffa8003e0fc60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681388 Ticks: 59740 (0:00:15:31.949) Context Switch Count 369 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016277dd0 Current fffff88016277180 Base fffff88016278000 Limit fffff88016272000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`162771c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16277300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`162773c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16277470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16277980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16277bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16277c40) 00000070`48a6f6b8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000070`48a6f6c0 000007fe`f7b69bc8 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000070`48a6f9a0 000007fe`f7b69b62 combase!DefaultWaitForHandles+0x44 00000070`48a6f9e0 000007fe`f1f1338c combase!CoWaitForMultipleHandles+0xda 00000070`48a6fa20 000007fe`f2ef410c listsvc!HostedListenerThreadProc+0x120 00000070`48a6fac0 000007fe`f601167e shcore!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000070`48a6fbb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`48a6fbe0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e8cb00 Cid 03f0.09bc Teb: 000007f6fac2a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f5fe60 NotificationEvent fffffa8003f47d60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681387 Ticks: 59741 (0:00:15:31.965) Context Switch Count 377 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801605add0 Current fffff8801605a180 Base fffff8801605b000 Limit fffff88016055000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1605a1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1605a300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1605a3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1605a470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1605a980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1605abd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1605ac40) 00000070`48aef4e8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000070`48aef4f0 000007fe`f7b69bc8 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000070`48aef7d0 000007fe`f7b69b62 combase!DefaultWaitForHandles+0x44 00000070`48aef810 000007fe`f1f1338c combase!CoWaitForMultipleHandles+0xda 00000070`48aef850 000007fe`f2ef410c listsvc!HostedListenerThreadProc+0x120 00000070`48aef8f0 000007fe`f601167e shcore!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000070`48aef9e0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`48aefa10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80027c1080 Cid 03f0.09c0 Teb: 000007f6fac28000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f30650 NotificationEvent fffffa8003e0ce90 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681390 Ticks: 59738 (0:00:15:31.918) Context Switch Count 1348 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016269dd0 Current fffff88016269180 Base fffff8801626a000 Limit fffff88016264000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`162691c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16269300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`162693c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16269470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16269980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16269bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16269c40) 00000070`48b6f668 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000070`48b6f670 000007fe`f7b69bc8 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000070`48b6f950 000007fe`f7b69b62 combase!DefaultWaitForHandles+0x44 00000070`48b6f990 000007fe`f1f1338c combase!CoWaitForMultipleHandles+0xda 00000070`48b6f9d0 000007fe`f2ef410c listsvc!HostedListenerThreadProc+0x120 00000070`48b6fa70 000007fe`f601167e shcore!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000070`48b6fb60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`48b6fb90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8004080740 Cid 03f0.09c4 Teb: 000007f6fac26000 Win32Thread: fffff9010069bb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e0cf10 NotificationEvent fffffa8003f951b0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681386 Ticks: 59742 (0:00:15:31.981) Context Switch Count 280 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88003194dd0 Current fffff88003194180 Base fffff88003195000 Limit fffff8800318f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`031941c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03194300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`031943c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`03194470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`03194980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`03194bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03194c40) 00000070`48bef6c8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000070`48bef6d0 000007fe`f7b69bc8 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000070`48bef9b0 000007fe`f7b69b62 combase!DefaultWaitForHandles+0x44 00000070`48bef9f0 000007fe`f1f1338c combase!CoWaitForMultipleHandles+0xda 00000070`48befa30 000007fe`f2ef410c listsvc!HostedListenerThreadProc+0x120 00000070`48befad0 000007fe`f601167e shcore!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000070`48befbc0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`48befbf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e9ab00 Cid 03f0.09c8 Teb: 000007f6fac24000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f95400 NotificationEvent fffffa80040181d0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681882 Ticks: 59246 (0:00:15:24.243) Context Switch Count 837 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880162eedd0 Current fffff880162ee180 Base fffff880162ef000 Limit fffff880162e9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`162ee1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`162ee300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`162ee3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`162ee470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`162ee980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`162eebd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162eec40) 00000070`48c6f3d8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000070`48c6f3e0 000007fe`f7b69bc8 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000070`48c6f6c0 000007fe`f7b69b62 combase!DefaultWaitForHandles+0x44 00000070`48c6f700 000007fe`f1f1338c combase!CoWaitForMultipleHandles+0xda 00000070`48c6f740 000007fe`f2ef410c listsvc!HostedListenerThreadProc+0x120 00000070`48c6f7e0 000007fe`f601167e shcore!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000070`48c6f8d0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`48c6f900 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003dc4340 Cid 03f0.09d0 Teb: 000007f6fac22000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f3b300 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 14909 Ticks: 15726219 (2:20:08:50.588) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88002f47dd0 Current fffff88002f47760 Base fffff88002f48000 Limit fffff88002f42000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002da3b00 Cid 03f0.05b8 Teb: 000007f6fac5a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80038ce440 SynchronizationEvent fffffa80024c5ee0 SynchronizationEvent fffffa800268b680 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 22773 Ticks: 15718355 (2:20:06:47.909) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IdListen!CProviderWatcher::ThreadProc (0x000007feebf42b68) Stack Init fffff880154efdd0 Current fffff880154ef180 Base fffff880154f0000 Limit fffff880154ea000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002e5ab00 Cid 03f0.0970 Teb: 000007f6fad8c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800306d620 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 20972 Ticks: 15720156 (2:20:07:16.005) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015f25dd0 Current fffff88015f25900 Base fffff88015f26000 Limit fffff88015f20000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800414f080 Cid 03f0.0878 Teb: 000007f6fac34000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e0a900 SynchronizationEvent fffffa800413f5a0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740542 Ticks: 586 (0:00:00:09.141) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017180dd0 Current fffff88017180180 Base fffff88017181000 Limit fffff8801717b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`171801c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17180300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`171803c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17180470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17180980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17180bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17180c40) 00000070`480ef018 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000070`480ef020 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000070`480ef300 000007fe`f7ba9443 combase!WaitCoalesced+0x96 00000070`480ef550 000007fe`f7ba966e combase!CDllHost::MTAWorkerLoop+0x53 00000070`480ef5a0 000007fe`f7b32218 combase!CDllHost::WorkerThread+0x126 00000070`480ef5e0 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 00000070`480ef850 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 00000070`480ef880 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`480ef8b0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018d0b00 Cid 03f0.0c98 Teb: 000007f6fac1e000 Win32Thread: fffff901006fbb90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003fc1910 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 31963 Ticks: 15709165 (2:20:04:24.544) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801711edd0 Current fffff8801711e5f0 Base fffff8801711f000 Limit fffff88017119000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001ff0080 Cid 03f0.0f00 Teb: 000007f6fad83000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject IRP List: fffffa8001f542c0: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 1122 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160fbdd0 Current fffff880160fb760 Base fffff880160fc000 Limit fffff880160f6000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`160fb7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`160fb8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`160fb9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`160fba50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`160fbae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`160fbc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160fbc40) 00000070`477ff768 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000070`477ff770 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000070`477ffa10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`477ffa40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800260da00 Cid 03f0.0da0 Teb: 000007f6fac3c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001822160 NotificationEvent fffffa8003648c60 SynchronizationEvent IRP List: fffffa80038d3b40: (0006,04c0) Flags: 00060900 Mdl: fffffa80038204b0 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679030 Ticks: 62098 (0:00:16:08.735) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidThreadProc (0x000007feedec25b4) Stack Init fffff8801630add0 Current fffff8801630a180 Base fffff8801630b000 Limit fffff88016305000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1630a1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1630a300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1630a3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1630a470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1630a980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1630abd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1630ac40) 00000070`478ff3e8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000070`478ff3f0 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000070`478ff6d0 000007fe`edec2764 KERNEL32!WaitForMultipleObjects+0x12 00000070`478ff710 000007fe`f601167e hidserv!HidThreadProc+0x1b0 00000070`478ff780 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`478ff7b0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80037dd700 Cid 03f0.0d48 Teb: 000007f6fac3a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800306a2b0 NotificationEvent fffffa8003e59ba0 SynchronizationEvent IRP List: fffffa8001fbe9f0: (0006,03e8) Flags: 00060900 Mdl: fffffa8003022330 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679030 Ticks: 62098 (0:00:16:08.735) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidThreadProc (0x000007feedec25b4) Stack Init fffff880155c7dd0 Current fffff880155c7180 Base fffff880155c8000 Limit fffff880155c2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`155c71c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`155c7300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`155c73c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`155c7470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`155c7980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`155c7bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155c7c40) 00000070`4797f628 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000070`4797f630 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000070`4797f910 000007fe`edec2764 KERNEL32!WaitForMultipleObjects+0x12 00000070`4797f950 000007fe`f601167e hidserv!HidThreadProc+0x1b0 00000070`4797f9c0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`4797f9f0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b02540 Cid 03f0.0ac4 Teb: 000007f6fac38000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8004129190 NotificationEvent fffffa800183e8e0 SynchronizationEvent IRP List: fffffa800413d9e0: (0006,03e8) Flags: 00060900 Mdl: fffffa8003250690 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679030 Ticks: 62098 (0:00:16:08.735) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidThreadProc (0x000007feedec25b4) Stack Init fffff8801635edd0 Current fffff8801635e180 Base fffff8801635f000 Limit fffff88016359000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1635e1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1635e300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1635e3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1635e470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1635e980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1635ebd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1635ec40) 00000070`479ff488 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000070`479ff490 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000070`479ff770 000007fe`edec2764 KERNEL32!WaitForMultipleObjects+0x12 00000070`479ff7b0 000007fe`f601167e hidserv!HidThreadProc+0x1b0 00000070`479ff820 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000070`479ff850 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80036ca9c0 Cid 03f0.0e58 Teb: 000007f6fac4a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002f073f0 NotificationEvent fffffa8003e70460 NotificationEvent fffffa8001cd5720 NotificationEvent fffffa800262ab60 NotificationEvent fffffa80039b6180 NotificationEvent fffffa80027e1410 NotificationEvent fffffa8003b69c80 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pcasvc!PcapArpMonitorThread (0x000007feef479820) Stack Init fffff88014ecadd0 Current fffff88014eca180 Base fffff88014ecb000 Limit fffff88014ec5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14eca1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14eca300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14eca3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14eca470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14eca980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14ecabd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14ecac40) 0000006f`4727f2c8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 0000006f`4727f2d0 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 0000006f`4727f5b0 000007fe`ef4798e8 KERNEL32!WaitForMultipleObjects+0x12 0000006f`4727f5f0 000007fe`f601167e pcasvc!PcapArpMonitorThread+0x223 0000006f`4727f840 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`4727f870 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003d9b080 Cid 03f0.0580 Teb: 000007f6fac52000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 270 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174cbdd0 Current fffff880174cb760 Base fffff880174cc000 Limit fffff880174c6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`174cb7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174cb8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`174cb9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`174cba50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`174cbae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`174cbc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174cbc40) 0000006f`4707f638 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000006f`4707f640 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000006f`4707f8e0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`4707f910 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa800392c540 SessionId: 0 Cid: 03b8 Peb: 7f6fb68f000 ParentCid: 0220 DirBase: 2fe18000 ObjectTable: fffff8a00277ad80 HandleCount: Image: svchost.exe VadRoot fffffa8003b97790 Vads 231 Clone 0 Private 1237. Modified 376. Locked 0. DeviceMap fffff8a0007b8aa0 Token fffff8a0021e8060 ElapsedTime 2 Days 20:10:29.071 UserTime 00:00:00.265 KernelTime 00:00:00.702 QuotaPoolUsage[PagedPool] 124440 QuotaPoolUsage[NonPagedPool] 35296 Working Set Sizes (now,min,max) (3221, 50, 345) (12884KB, 200KB, 1380KB) PeakWorkingSetSize 3308 VirtualSize 1358 Mb PeakVirtualSize 1614 Mb PageFaultCount 6706 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2353 Setting context for this process... .process /p /r fffffa800392c540 THREAD fffffa800391a700 Cid 03b8.027c Teb: 000007f6fb68d000 Win32Thread: fffff90100671710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003931f50 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 185 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88015527dd0 Current fffff88015527900 Base fffff88015528000 Limit fffff88015522000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15527940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15527a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15527b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`15527bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`15527c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15527c40) 000000c2`3429f828 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 000000c2`3429f830 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 000000c2`3429f8d0 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 000000c2`3429fa10 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 000000c2`3429fb10 000007f6`fb7a2187 sechost!StartServiceCtrlDispatcherW+0x54 000000c2`3429fb50 000007f6`fb7a2742 svchost!wmain+0x269 000000c2`3429fba0 000007fe`f601167e svchost!_wmainCRTStartup+0x74 000000c2`3429fbd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`3429fc00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800395b080 Cid 03b8.0264 Teb: 000007f6fb685000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039278c0 NotificationEvent fffffa800372eb58 NotificationEvent fffffa800391e4e0 SynchronizationEvent fffffa80038b04b0 SynchronizationEvent IRP List: fffffa8003938840: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740650 Ticks: 478 (0:00:00:07.456) Context Switch Count 18 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dnsrslvr!NotifyThread (0x000007fef0b338fc) Stack Init fffff880154dadd0 Current fffff880154da180 Base fffff880154db000 Limit fffff880154d5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`154da1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`154da300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`154da3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`154da470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`154da980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`154dabd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154dac40) 000000c2`34d7f778 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000c2`34d7f780 000007fe`f0b33bff KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000c2`34d7fa60 000007fe`f601167e dnsrslvr!NotifyThread+0x3b6 000000c2`34d7ff30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`34d7ff60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800396a080 Cid 03b8.02ac Teb: 000007f6fb683000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003963650 NotificationEvent fffffa80039278c0 NotificationEvent IRP List: fffffa800360cc10: (0006,01f0) Flags: 00060030 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681374 Ticks: 59754 (0:00:15:32.168) Context Switch Count 196 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dnsrslvr!Ip_NotifyThread (0x000007fef0b34d90) Stack Init fffff880154fddd0 Current fffff880154fd180 Base fffff880154fe000 Limit fffff880154f8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`154fd1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`154fd300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`154fd3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`154fd470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`154fd980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`154fdbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154fdc40) 000000c2`34dff598 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000c2`34dff5a0 000007fe`f0b34f8c KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000c2`34dff880 000007fe`f601167e dnsrslvr!Ip_NotifyThread+0x386 000000c2`34dff960 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`34dff990 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003963080 Cid 03b8.0274 Teb: 000007f6fb55e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393a0c0 NotificationEvent fffffa8003858f60 NotificationEvent fffffa8003858fe0 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679521 Ticks: 61607 (0:00:16:01.075) Context Switch Count 1728 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.062 Win32 Start Address dnsrslvr!Mcast_Thread (0x000007fef0b35720) Stack Init fffff88015565dd0 Current fffff88015565180 Base fffff88015566000 Limit fffff88015560000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`155651c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15565300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`155653c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15565470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15565980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15565bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15565c40) 000000c2`34e7fb98 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000c2`34e7fba0 000007fe`f0b357f7 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000c2`34e7fe80 000007fe`f601167e dnsrslvr!Mcast_Thread+0x127 000000c2`34e7fef0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`34e7ff20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800396ab00 Cid 03b8.03e8 Teb: 000007f6fb55c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003963e10 SynchronizationEvent fffffa800396a630 SynchronizationEvent fffffa80039636d0 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679799 Ticks: 61329 (0:00:15:56.738) Context Switch Count 1551 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address dnsrslvr!ProcessIpChangeNotificationRequestThread (0x000007fef0b3517c) Stack Init fffff8801556cdd0 Current fffff8801556c180 Base fffff8801556d000 Limit fffff88015567000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1556c1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1556c300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1556c3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1556c470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1556c980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1556cbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1556cc40) 000000c2`34eff678 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000c2`34eff680 000007fe`f0b3524e KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000c2`34eff960 000007fe`f601167e dnsrslvr!ProcessIpChangeNotificationRequestThread+0x11c 000000c2`34eff9c0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`34eff9f0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80030ae4c0 Cid 03b8.0534 Teb: 000007f6fb552000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa800308c800 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10599 Ticks: 15730529 (2:20:09:57.825) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wkssvc!StartIOProcessing (0x000007feef737a10) Stack Init fffff88014f48dd0 Current fffff88014f487a0 Base fffff88014f49000 Limit fffff88014f43000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b1eb00 Cid 03b8.0540 Teb: 000007f6fb550000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800308c200 QueueObject IRP List: fffffa8001fd9010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001d28010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003046010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003ddec10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736475 Ticks: 4653 (0:00:01:12.587) Context Switch Count 89 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f56dd0 Current fffff88014f56760 Base fffff88014f57000 Limit fffff88014f51000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14f567a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f568e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14f569a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14f56a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`14f56ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14f56c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f56c40) 000000c2`3537f7a8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000c2`3537f7b0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000c2`3537fa50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`3537fa80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b64080 Cid 03b8.05ac Teb: 000007f6fb554000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039a43e0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11019 Ticks: 15730109 (2:20:09:51.273) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88014ff0dd0 Current fffff88014ff0900 Base fffff88014ff1000 Limit fffff88014feb000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b92980 Cid 03b8.05b0 Teb: 000007f6fb548000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003b78c40 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10790 Ticks: 15730338 (2:20:09:54.845) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88014ff7dd0 Current fffff88014ff77a0 Base fffff88014ff8000 Limit fffff88014ff2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bbeb00 Cid 03b8.05fc Teb: 000007f6fb546000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bbbc70 SynchronizationEvent fffffa8003ba72a0 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736071 Ticks: 5057 (0:00:01:18.889) Context Switch Count 11454 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.187 Win32 Start Address nlasvc!QueueMonitor (0x000007feef60adf0) Stack Init fffff88014fbfdd0 Current fffff88014fbf180 Base fffff88014fc0000 Limit fffff88014fba000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14fbf1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14fbf300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14fbf3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14fbf470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14fbf980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14fbfbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14fbfc40) 000000c2`76dcf8f8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000c2`76dcf900 000007fe`ef60af4a KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000c2`76dcfbe0 000007fe`f601167e nlasvc!QueueMonitor+0x1ee 000000c2`76dcfc60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`76dcfc90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003be8080 Cid 03b8.060c Teb: 000007f6fb540000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741031 Ticks: 97 (0:00:00:01.513) Context Switch Count 11308 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.187 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e06dd0 Current fffff88015e06760 Base fffff88015e07000 Limit fffff88015e01000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15e067a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e068e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15e069a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15e06a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15e06ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15e06c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e06c40) 000000c2`7704fb78 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000c2`7704fb80 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000c2`7704fe20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`7704fe50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003d9ba80 Cid 03b8.064c Teb: 000007f6fb53a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003d8dfe0 SynchronizationEvent fffffa8003675c80 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11379 Ticks: 15729749 (2:20:09:45.657) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e45dd0 Current fffff88015e45180 Base fffff88015e46000 Limit fffff88015e40000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e13700 Cid 03b8.06bc Teb: 000007f6fb538000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8003e13aa8 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a00218c030 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13514 Ticks: 15727614 (2:20:09:12.350) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ssdpapi!GetNotificationLoop (0x000007feeef05c38) Stack Init fffff8801619cdd0 Current fffff8801619c660 Base fffff8801619d000 Limit fffff88016197000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e94b00 Cid 03b8.0ee0 Teb: 000007f6fb558000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject IRP List: fffffa800404faa0: (0006,0118) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738611 Ticks: 2517 (0:00:00:39.265) Context Switch Count 4783 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.078 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ec3dd0 Current fffff88015ec3760 Base fffff88015ec4000 Limit fffff88015ebe000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15ec37a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15ec38e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15ec39a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15ec3a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15ec3ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15ec3c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15ec3c40) 000000c2`002ff928 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000c2`002ff930 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000c2`002ffbd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`002ffc00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003dcf940 Cid 03b8.0ec0 Teb: 000007f6fb556000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject IRP List: fffffa8003f9f730: (0006,0118) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736646 Ticks: 4482 (0:00:01:09.919) Context Switch Count 1442 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ee6dd0 Current fffff88015ee6760 Base fffff88015ee7000 Limit fffff88015ee1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15ee67a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15ee68e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15ee69a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15ee6a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15ee6ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15ee6c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15ee6c40) 000000c2`0037f898 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000c2`0037f8a0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000c2`0037fb40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`0037fb70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d7e080 Cid 03b8.0e10 Teb: 000007f6fb544000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject IRP List: fffffa8002142120: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736067 Ticks: 5061 (0:00:01:18.952) Context Switch Count 4965 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.078 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016205dd0 Current fffff88016205760 Base fffff88016206000 Limit fffff88016200000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`162057a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`162058e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`162059a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16205a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`16205ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16205c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16205c40) 000000c2`0059fcb8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000c2`0059fcc0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000c2`0059ff60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`0059ff90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80037f5780 Cid 03b8.0cd4 Teb: 000007f6fb542000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f7b060 NotificationEvent fffffa80027a8780 NotificationEvent fffffa8003f762e0 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679467 Ticks: 61661 (0:00:16:01.917) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dnsrslvr!Responder_Thread (0x000007fef0b35850) Stack Init fffff880164afdd0 Current fffff880164af180 Base fffff880164b0000 Limit fffff880164aa000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`164af1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`164af300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`164af3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`164af470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`164af980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`164afbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164afc40) 000000c2`0061f6f8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000c2`0061f700 000007fe`f0b35909 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000c2`0061f9e0 000007fe`f601167e dnsrslvr!Responder_Thread+0x179 000000c2`0061fa20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`0061fa50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001cc5080 Cid 03b8.0eb4 Teb: 000007f6fb689000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738862 Ticks: 2266 (0:00:00:35.349) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015180dd0 Current fffff88015180760 Base fffff88015181000 Limit fffff8801517b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`151807a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`151808e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`151809a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15180a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15180ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15180c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15180c40) 000000c2`0047fb28 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000c2`0047fb30 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000c2`0047fdd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000c2`0047fe00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8003b50480 SessionId: 0 Cid: 04c8 Peb: 7f7cf335000 ParentCid: 0220 DirBase: 3b055000 ObjectTable: fffff8a001f01980 HandleCount: Image: spoolsv.exe VadRoot fffffa8003b55d20 Vads 141 Clone 0 Private 657. Modified 10968. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a002237060 ElapsedTime 2 Days 20:10:12.612 UserTime 00:00:05.288 KernelTime 00:00:00.670 QuotaPoolUsage[PagedPool] 158112 QuotaPoolUsage[NonPagedPool] 19120 Working Set Sizes (now,min,max) (2749, 50, 345) (10996KB, 200KB, 1380KB) PeakWorkingSetSize 3288 VirtualSize 74 Mb PeakVirtualSize 87 Mb PageFaultCount 9171 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1046 Setting context for this process... .process /p /r fffffa8003b50480 THREAD fffffa8003031800 Cid 04c8.04cc Teb: 000007f7cf33e000 Win32Thread: fffff90100679b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003037340 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address spoolsv!mainCRTStartup (0x000007f7cfbce6e0) Stack Init fffff88014ea7dd0 Current fffff88014ea7900 Base fffff88014ea8000 Limit fffff88014ea2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14ea7940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14ea7a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`14ea7b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`14ea7bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`14ea7c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14ea7c40) 00000000`005bf508 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000000`005bf510 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 00000000`005bf5b0 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 00000000`005bf6f0 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 00000000`005bf7f0 000007f7`cfbcae66 sechost!StartServiceCtrlDispatcherW+0x54 00000000`005bf830 000007f7`cfbce7f0 spoolsv!main+0x36 00000000`005bf860 000007fe`f601167e spoolsv!CLock::CLock+0x289 00000000`005bf8a0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`005bf8d0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003056b00 Cid 04c8.04d8 Teb: 000007f7cf338000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b55c60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 10343 Ticks: 15730785 (2:20:10:01.818) Context Switch Count 51 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014ebcdd0 Current fffff88014ebc900 Base fffff88014ebd000 Limit fffff88014eb7000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800305d5c0 Cid 04c8.04e0 Teb: 000007f7cf333000 Win32Thread: fffff901006d9710 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039f84c0 SynchronizationEvent fffffa800399ab00 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18582 Ticks: 15722546 (2:20:07:53.289) Context Switch Count 172 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.078 Win32 Start Address spoolsv!PreInitializeRouter (0x000007f7cfbc4e00) Stack Init fffff88014ec3dd0 Current fffff88014ec3180 Base fffff88014ec4000 Limit fffff88014ebe000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800269c700 Cid 04c8.0b34 Teb: 000007f7cf20e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001892de0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18364 Ticks: 15722764 (2:20:07:56.690) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address FunDisc!CNotificationQueue::ThreadProc (0x000007feec2654c0) Stack Init fffff88015512dd0 Current fffff88015512900 Base fffff88015513000 Limit fffff8801550d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002692080 Cid 04c8.0b4c Teb: 000007f7cf20c000 Win32Thread: fffff901006d9290 WAIT: (UserRequest) UserMode Non-Alertable fffffa800399ab80 SynchronizationEvent fffffa80039a16a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 15693645 Ticks: 47483 (0:00:12:20.739) Context Switch Count 188 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address fdPnp!CPnpProvider::ListenerThread (0x000007feeaa430ec) Stack Init fffff8801516bdd0 Current fffff8801516b180 Base fffff8801516c000 Limit fffff88015166000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1516b1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1516b300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1516b3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1516b470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1516b980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1516bbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1516bc40) 00000000`0126f8c8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0126f8d0 000007fe`f56c303a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0126fbb0 000007fe`eaa4331c USER32!MsgWaitForMultipleObjects+0x14c 00000000`0126fc60 000007fe`f601167e fdPnp!CPnpProvider::ListenerThread+0x230 00000000`0126fef0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0126ff20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002772080 Cid 04c8.0b54 Teb: 000007f7cf208000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800371d320 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18614 Ticks: 15722514 (2:20:07:52.790) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address PrintIsolationProxy!sandbox::ModuleManager::DelayUnloadWorkerThread (0x000007feeab85798) Stack Init fffff88003da1dd0 Current fffff88003da1900 Base fffff88003da2000 Limit fffff88003d9c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002767400 Cid 04c8.0b58 Teb: 000007f7cf206000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002f29850 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 19667 Ticks: 15721461 (2:20:07:36.363) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address localspl!SchedulerThread (0x000007feeabce168) Stack Init fffff880160f4dd0 Current fffff880160f4900 Base fffff880160f5000 Limit fffff880160ef000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800276f080 Cid 04c8.0b7c Teb: 000007f7cf1fe000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038e98c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18481 Ticks: 15722647 (2:20:07:54.865) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015534dd0 Current fffff88015534760 Base fffff88015535000 Limit fffff8801552f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002683080 Cid 04c8.05d8 Teb: 000007f7cf204000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038c6a40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 21055 Ticks: 15720073 (2:20:07:14.710) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155b9dd0 Current fffff880155b9760 Base fffff880155ba000 Limit fffff880155b4000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002d65b00 Cid 04c8.0b10 Teb: 000007f7cf33c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003046d80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 15728134 Ticks: 12994 (0:00:03:22.707) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173e2dd0 Current fffff880173e2760 Base fffff880173e3000 Limit fffff880173dd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`173e27a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`173e28e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`173e29a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`173e2a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`173e2ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`173e2c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173e2c40) 00000000`00befbd8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000000`00befbe0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000000`00befe80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`00befeb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa800305c740 SessionId: 0 Cid: 04e4 Peb: 7f6fb17c000 ParentCid: 0220 DirBase: 3b3c6000 ObjectTable: fffff8a007e52800 HandleCount: Image: svchost.exe VadRoot fffffa8003b6bb00 Vads 169 Clone 0 Private 2473. Modified 1706. Locked 0. DeviceMap fffff8a002487200 Token fffff8a007e5f060 ElapsedTime 2 Days 20:10:12.144 UserTime 00:00:01.310 KernelTime 00:00:00.374 QuotaPoolUsage[PagedPool] 128712 QuotaPoolUsage[NonPagedPool] 38640 Working Set Sizes (now,min,max) (4814, 50, 345) (19256KB, 200KB, 1380KB) PeakWorkingSetSize 17972 VirtualSize 95 Mb PeakVirtualSize 1155 Mb PageFaultCount 53486 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 4281 Setting context for this process... .process /p /r fffffa800305c740 THREAD fffffa8003007700 Cid 04e4.04e8 Teb: 000007f6fb17e000 Win32Thread: fffff9010067fb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b26060 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679320 Ticks: 61808 (0:00:16:04.210) Context Switch Count 47 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88014ed8dd0 Current fffff88014ed8900 Base fffff88014ed9000 Limit fffff88014ed3000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14ed8940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14ed8a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`14ed8b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`14ed8bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`14ed8c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14ed8c40) 0000006f`50f6f5d8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000006f`50f6f5e0 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 0000006f`50f6f680 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 0000006f`50f6f7c0 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 0000006f`50f6f8c0 000007f6`fb7a2187 sechost!StartServiceCtrlDispatcherW+0x54 0000006f`50f6f900 000007f6`fb7a2742 svchost!wmain+0x269 0000006f`50f6f950 000007fe`f601167e svchost!_wmainCRTStartup+0x74 0000006f`50f6f980 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`50f6f9b0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800379fb00 Cid 04e4.04fc Teb: 000007f6fb174000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037eb480 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10504 Ticks: 15730624 (2:20:09:59.307) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88014eeddd0 Current fffff88014eed900 Base fffff88014eee000 Limit fffff88014ee8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003086b00 Cid 04e4.0500 Teb: 000007f6fb04e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80019f1d00 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10510 Ticks: 15730618 (2:20:09:59.213) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88014ef4dd0 Current fffff88014ef4900 Base fffff88014ef5000 Limit fffff88014eef000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80030a5080 Cid 04e4.050c Teb: 000007f6fb04c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800309e180 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 269 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88014f02dd0 Current fffff88014f02900 Base fffff88014f03000 Limit fffff88014efd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14f02940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f02a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`14f02b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`14f02bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`14f02c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f02c40) 0000006f`51d1fce8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000006f`51d1fcf0 000007fe`f4113cbd KERNELBASE!WaitForSingleObjectEx+0x92 0000006f`51d1fd90 000007fe`f601167e AUTHZ!AuthzpDeQueueThreadWorker+0x2d 0000006f`51d1fdd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`51d1fe00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003009b00 Cid 04e4.0518 Teb: 000007f6fb048000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80030a27d0 SynchronizationEvent fffffa8001cd23f0 NotificationEvent fffffa8003b558f0 NotificationEvent fffffa8001cd22f0 NotificationEvent fffffa80030b4fe0 NotificationEvent IRP List: fffffa800266bdf0: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8002ea3820: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f9c580: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003e71ae0: (0006,0118) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727956 Ticks: 13172 (0:00:03:25.484) Context Switch Count 238 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address mpssvc!FwCachedStoreEnumBlobs (0x000007feef77c5b0) Stack Init fffff88014f10dd0 Current fffff88014f10180 Base fffff88014f11000 Limit fffff88014f0b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14f101c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f10300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14f103c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14f10470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14f10980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14f10bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f10c40) 0000006f`51e4f768 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 0000006f`51e4f770 000007fe`ef77c750 KERNELBASE!WaitForMultipleObjectsEx+0xe5 0000006f`51e4fa50 000007fe`f601167e mpssvc!FwCachedStoreEnumBlobs+0x2a1 0000006f`51e4fb50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`51e4fb80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80030a4080 Cid 04e4.0524 Teb: 000007f6fb044000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b566f0 SynchronizationEvent fffffa8003082470 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736866 Ticks: 4262 (0:00:01:06.487) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address bfe!BfeNetEventRealTimeWorker (0x000007feef8a2b3c) Stack Init fffff88014f25dd0 Current fffff88014f25180 Base fffff88014f26000 Limit fffff88014f20000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14f251c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f25300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14f253c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14f25470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14f25980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14f25bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f25c40) 0000006f`51f4fa38 000007fe`f4fefaa7 ntdll!NtWaitForMultipleObjects+0xa 0000006f`51f4fa40 000007fe`f502e61b KERNELBASE!EtwpProcessRealTimeTraces+0x73 0000006f`51f4faa0 000007fe`ef8a2b53 KERNELBASE!ProcessTrace+0x1bf 0000006f`51f4fd50 000007fe`f601167e bfe!BfeNetEventRealTimeWorker+0x17 0000006f`51f4fd80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`51f4fdb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80030bf7c0 Cid 04e4.0528 Teb: 000007f6fb042000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800309c880 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679399 Ticks: 61729 (0:00:16:02.978) Context Switch Count 89 IdealProcessor: 0 UserTime 00:00:00.187 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f3add0 Current fffff88014f3a760 Base fffff88014f3b000 Limit fffff88014f35000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14f3a7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f3a8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14f3a9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14f3aa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`14f3aae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14f3ac40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f3ac40) 0000006f`51fcfb58 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000006f`51fcfb60 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000006f`51fcfe00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`51fcfe30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b1e080 Cid 04e4.054c Teb: 000007f6fb03e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b63900 SynchronizationEvent fffffa8003b621a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739548 Ticks: 1580 (0:00:00:24.648) Context Switch Count 513 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014f64dd0 Current fffff88014f64180 Base fffff88014f65000 Limit fffff88014f5f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14f641c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f64300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14f643c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14f64470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14f64980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14f64bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f64c40) 0000006f`520cf148 000007fe`f4fefaa7 ntdll!NtWaitForMultipleObjects+0xa 0000006f`520cf150 000007fe`f502e61b KERNELBASE!EtwpProcessRealTimeTraces+0x73 0000006f`520cf1b0 000007fe`ef66d6c7 KERNELBASE!ProcessTrace+0x1bf 0000006f`520cf460 000007fe`ef66d227 dps!DpsRun+0xd3 0000006f`520cf670 000007f6`fb7a12f3 dps!ServiceMain+0x127 0000006f`520cf6b0 000007fe`f55d4ac5 svchost!ServiceStarter+0x36e 0000006f`520cf800 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 0000006f`520cf830 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`520cf860 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b27080 Cid 04e4.0550 Teb: 000007f6fb03c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80030ae430 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679709 Ticks: 61419 (0:00:15:58.142) Context Switch Count 2557 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address mpssvc!NVNWorkerThread (0x000007feef7888e0) Stack Init fffff88014f6bdd0 Current fffff88014f6b900 Base fffff88014f6c000 Limit fffff88014f66000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14f6b940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f6ba80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`14f6bb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`14f6bbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`14f6bc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f6bc40) 0000006f`5214f9e8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000006f`5214f9f0 000007fe`ef788909 KERNELBASE!WaitForSingleObjectEx+0x92 0000006f`5214fa90 000007fe`f601167e mpssvc!NVNWorkerThread+0x2d 0000006f`5214fac0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`5214faf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b25080 Cid 04e4.0554 Teb: 000007f6fb03a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003b27890 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13505 Ticks: 15727623 (2:20:09:12.491) Context Switch Count 62 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mpssvc!FwDynDataNotifySinkProc (0x000007feef7a5230) Stack Init fffff88014f72dd0 Current fffff88014f72900 Base fffff88014f73000 Limit fffff88014f6d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b25b00 Cid 04e4.0558 Teb: 000007f6fb038000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b27700 SynchronizationEvent fffffa8003b27780 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680160 Ticks: 60968 (0:00:15:51.106) Context Switch Count 18 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mpssvc!FwMonitorQuarantineState (0x000007feef788570) Stack Init fffff88014f79dd0 Current fffff88014f79180 Base fffff88014f7a000 Limit fffff88014f74000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14f791c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f79300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14f793c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14f79470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14f79980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14f79bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f79c40) 0000006f`5224f578 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 0000006f`5224f580 000007fe`ef788641 KERNELBASE!WaitForMultipleObjectsEx+0xe5 0000006f`5224f860 000007fe`f601167e mpssvc!FwMonitorQuarantineState+0xc9 0000006f`5224f8b0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`5224f8e0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b23b00 Cid 04e4.0570 Teb: 000007f6fb034000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b677d0 NotificationEvent fffffa8003b70a50 SynchronizationEvent fffffa8003b709d0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15719355 Ticks: 21773 (0:00:05:39.660) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address dps!DpspBackgroundControl (0x000007feef6631a0) Stack Init fffff88014fa3dd0 Current fffff88014fa3180 Base fffff88014fa4000 Limit fffff88014f9e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14fa31c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14fa3300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14fa33c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`14fa3470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14fa3980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14fa3bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14fa3c40) 0000006f`5236fa98 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 0000006f`5236faa0 000007fe`ef663292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 0000006f`5236fd80 000007fe`f601167e dps!DpspBackgroundControl+0xf6 0000006f`5236fe10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`5236fe40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80030b1700 Cid 04e4.0768 Teb: 000007f6fb036000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ea15a0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12536 Ticks: 15728592 (2:20:09:27.607) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dps!_imp_load_WdipLaunchLocalHost (0x000007feef669c68) Stack Init fffff88015faadd0 Current fffff88015faa900 Base fffff88015fab000 Limit fffff88015fa5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f38080 Cid 04e4.06a4 Teb: 000007f6fb026000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f196b0 NotificationEvent fffffa8003f2ae60 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15691573 Ticks: 49555 (0:00:12:53.062) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wdiasqmmodule!WDIASqmNamespace::CASqmManager::static_UpdateThreadProc (0x000007feebc424e8) Stack Init fffff88016092dd0 Current fffff88016092180 Base fffff88016093000 Limit fffff8801608d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`160921c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16092300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`160923c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16092470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16092980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16092bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16092c40) 0000006f`52e8f528 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 0000006f`52e8f530 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 0000006f`52e8f810 000007fe`ebc42588 KERNEL32!WaitForMultipleObjects+0x12 0000006f`52e8f850 000007fe`f601167e wdiasqmmodule!WDIASqmNamespace::CASqmManager::static_UpdateThreadProc+0xa0 0000006f`52e8f8a0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`52e8f8d0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e2db00 Cid 04e4.0754 Teb: 000007f6fb024000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e202d0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13514 Ticks: 15727614 (2:20:09:12.350) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wpnsruprov!WpnSruServerHost (0x000007feebc11544) Stack Init fffff880161bfdd0 Current fffff880161bf900 Base fffff880161c0000 Limit fffff880161ba000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f3c080 Cid 04e4.0770 Teb: 000007f6fb022000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003da61a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679073 Ticks: 62055 (0:00:16:08.064) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address energyprov!SrumtelRunEventQueueWorker (0x000007feebbf55dc) Stack Init fffff880161c6dd0 Current fffff880161c6900 Base fffff880161c7000 Limit fffff880161c1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`161c6940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`161c6a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`161c6b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`161c6bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`161c6c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161c6c40) 0000006f`52f8fb58 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000006f`52f8fb60 000007fe`ebbf4c6b KERNELBASE!WaitForSingleObjectEx+0x92 0000006f`52f8fc00 000007fe`ebbf562a energyprov!SrumtelGetEvent+0x33 0000006f`52f8fc30 000007fe`f601167e energyprov!SrumtelRunEventQueueWorker+0x4e 0000006f`52f8fcd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`52f8fd00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c0b080 Cid 04e4.0198 Teb: 000007f6fb04a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003956ca0 NotificationEvent fffffa80017fbad0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 27182 Ticks: 15713946 (2:20:05:39.128) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address radardt!RdrpMonitorResources (0x000007fef0014910) Stack Init fffff880164fcdd0 Current fffff880164fc180 Base fffff880164fd000 Limit fffff880164f7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cd7080 Cid 04e4.0dfc Teb: 000007f6fb17a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c82890 NotificationEvent fffffa8004069060 NotificationTimer fffffa80041feac0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738529 Ticks: 2599 (0:00:00:40.544) Context Switch Count 352 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address radardt!RdrpMonitorCommitCharge (0x000007fef0011044) Stack Init fffff8801736add0 Current fffff8801736a180 Base fffff8801736b000 Limit fffff88017365000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1736a1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1736a300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1736a3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1736a470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1736a980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1736abd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1736ac40) 0000006f`5167fbf8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 0000006f`5167fc00 000007fe`f0011149 KERNELBASE!WaitForMultipleObjectsEx+0xe5 0000006f`5167fee0 000007fe`f601167e radardt!RdrpMonitorCommitCharge+0x133 0000006f`5167ff30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`5167ff60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800211a5c0 Cid 04e4.0d24 Teb: 000007f6fb176000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741106 Ticks: 22 (0:00:00:00.343) Context Switch Count 1087 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015061dd0 Current fffff88015061760 Base fffff88015062000 Limit fffff8801505c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`150617a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150618e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`150619a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15061a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15061ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15061c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15061c40) 0000006f`0007fb08 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000006f`0007fb10 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000006f`0007fdb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`0007fde0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e91080 Cid 04e4.0f5c Teb: 000007f6fb178000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740464 Ticks: 664 (0:00:00:10.358) Context Switch Count 942 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014ee6dd0 Current fffff88014ee6760 Base fffff88014ee7000 Limit fffff88014ee1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14ee67a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14ee68e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14ee69a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14ee6a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`14ee6ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14ee6c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14ee6c40) 0000006f`001ff628 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000006f`001ff630 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000006f`001ff8d0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`001ff900 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018d4780 Cid 04e4.0a58 Teb: 000007f6fb040000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741106 Ticks: 22 (0:00:00:00.343) Context Switch Count 300 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017117dd0 Current fffff88017117760 Base fffff88017118000 Limit fffff88017112000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`171177a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171178e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`171179a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17117a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17117ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17117c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17117c40) 0000006f`0017fc68 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000006f`0017fc70 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000006f`0017ff10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`0017ff40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800307db00 Cid 04e4.012c Teb: 000007f6fb046000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017125dd0 Current fffff88017125760 Base fffff88017126000 Limit fffff88017120000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`171257a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171258e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`171259a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17125a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17125ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17125c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17125c40) 0000006f`000ffbe8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000006f`000ffbf0 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000006f`000ffe90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000006f`000ffec0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa80039a9940 SessionId: 0 Cid: 0598 Peb: 7f680503000 ParentCid: 0220 DirBase: 3e8d9000 ObjectTable: fffff8a002749980 HandleCount: Image: MsMpEng.exe VadRoot fffffa8001d5c8f0 Vads 562 Clone 0 Private 15827. Modified 187229. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a00661f060 ElapsedTime 2 Days 20:10:06.404 UserTime 00:00:28.984 KernelTime 00:00:04.009 QuotaPoolUsage[PagedPool] 229304 QuotaPoolUsage[NonPagedPool] 78016 Working Set Sizes (now,min,max) (11514, 50, 345) (46056KB, 200KB, 1380KB) PeakWorkingSetSize 89567 VirtualSize 199 Mb PeakVirtualSize 509 Mb PageFaultCount 850028 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 17114 Setting context for this process... .process /p /r fffffa80039a9940 THREAD fffffa8003b8bb00 Cid 0598.059c Teb: 000007f68050e000 Win32Thread: fffff90100685290 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ba4060 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 70 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address MsMpEng!AbsMain (0x000007f680bf10d8) Stack Init fffff880155c0dd0 Current fffff880155c0900 Base fffff880155c1000 Limit fffff880155bb000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`155c0940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`155c0a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`155c0b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`155c0bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`155c0c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155c0c40) 00000071`da3df558 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000071`da3df560 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 00000071`da3df600 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 00000071`da3df740 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 00000071`da3df840 000007fe`ef2e5d43 sechost!StartServiceCtrlDispatcherW+0x54 00000071`da3df880 000007fe`ef2dbdc2 mpsvc!CommonUtil::CServiceHandler::Dispatch+0x75 00000071`da3df8e0 000007f6`80bf10eb mpsvc!ServiceCrtMain+0xe6 00000071`da3df930 000007fe`f601167e MsMpEng!AbsMain+0x13 00000071`da3df960 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`da3df990 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800302eb00 Cid 0598.05c0 Teb: 000007f68050c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject IRP List: fffffa8003bcc6c0: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15736406 Ticks: 4722 (0:00:01:13.663) Context Switch Count 1304 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e76dd0 Current fffff88014e76760 Base fffff88014e77000 Limit fffff88014e71000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14e767a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14e768e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14e769a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14e76a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`14e76ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14e76c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e76c40) 00000071`daabfba8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000071`daabfbb0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000071`daabfe50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`daabfe80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003be8b00 Cid 0598.0618 Teb: 000007f680506000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003ba9380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15722723 Ticks: 18405 (0:00:04:47.119) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e14dd0 Current fffff88015e14760 Base fffff88015e15000 Limit fffff88015e0f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15e147a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e148e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15e149a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15e14a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15e14ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15e14c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e14c40) 00000071`dadbf4e8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000071`dadbf4f0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000071`dadbf790 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`dadbf7c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003bce080 Cid 0598.0674 Teb: 000007f6803da000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 62603 Ticks: 15678525 (2:19:56:26.557) Context Switch Count 470 IdealProcessor: 0 UserTime 00:00:00.717 KernelTime 00:00:00.046 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e61dd0 Current fffff88015e617a0 Base fffff88015e62000 Limit fffff88015e5c000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bce9c0 Cid 0598.0678 Teb: 000007f6803d8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15690575 Ticks: 50553 (0:00:13:08.631) Context Switch Count 2401 IdealProcessor: 0 UserTime 00:00:05.475 KernelTime 00:00:00.374 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88014f80dd0 Current fffff88014f807a0 Base fffff88014f81000 Limit fffff88014f7b000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14f807e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f80920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14f809e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14f80a90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`14f80b20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`14f80bd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f80c40) 00000071`db39f898 000007fe`f4fd36ad ntdll!NtRemoveIoCompletion+0xa 00000071`db39f8a0 000007fe`f6011962 KERNELBASE!GetQueuedCompletionStatus+0x39 00000071`db39f900 000007fe`eea539b3 KERNEL32!GetQueuedCompletionStatusStub+0x12 00000071`db39f940 000007fe`eea53927 mprtp!RealtimeProtection::CFilterCommunicatorBase::GetNextFilterRequest+0x53 00000071`db39f9a0 000007fe`eea53741 mprtp!RealtimeProtection::CFilterCommunicatorBase::GetNextFilterRequestEx+0x37 00000071`db39f9f0 000007fe`eea641be mprtp!RealtimeProtection::CFilterCommunicatorBase::CommunicatorMainFunction+0x2d8 00000071`db39fac0 000007fe`f782707b mprtp!RealtimeProtection::CFilterCommunicatorBase::CommunicatorThread+0x2e 00000071`db39fb10 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000071`db39fb40 000007fe`f601167e msvcrt!endthreadex+0xac 00000071`db39fb70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`db39fba0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003de5b00 Cid 0598.067c Teb: 000007f6803d6000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15735445 Ticks: 5683 (0:00:01:28.655) Context Switch Count 6123 IdealProcessor: 0 UserTime 00:00:16.068 KernelTime 00:00:01.201 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88014fb8dd0 Current fffff88014fb87a0 Base fffff88014fb9000 Limit fffff88014fb3000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14fb87e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14fb8920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14fb89e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14fb8a90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`14fb8b20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`14fb8bd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14fb8c40) 00000071`db41fb58 000007fe`f4fd36ad ntdll!NtRemoveIoCompletion+0xa 00000071`db41fb60 000007fe`f6011962 KERNELBASE!GetQueuedCompletionStatus+0x39 00000071`db41fbc0 000007fe`eea539b3 KERNEL32!GetQueuedCompletionStatusStub+0x12 00000071`db41fc00 000007fe`eea53927 mprtp!RealtimeProtection::CFilterCommunicatorBase::GetNextFilterRequest+0x53 00000071`db41fc60 000007fe`eea53741 mprtp!RealtimeProtection::CFilterCommunicatorBase::GetNextFilterRequestEx+0x37 00000071`db41fcb0 000007fe`eea641be mprtp!RealtimeProtection::CFilterCommunicatorBase::CommunicatorMainFunction+0x2d8 00000071`db41fd80 000007fe`f782707b mprtp!RealtimeProtection::CFilterCommunicatorBase::CommunicatorThread+0x2e 00000071`db41fdd0 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000071`db41fe00 000007fe`f601167e msvcrt!endthreadex+0xac 00000071`db41fe30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`db41fe60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b88080 Cid 0598.0680 Teb: 000007f6803d4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740132 Ticks: 996 (0:00:00:15.537) Context Switch Count 4005 IdealProcessor: 0 UserTime 00:00:09.172 KernelTime 00:00:00.904 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e6fdd0 Current fffff88015e6f7a0 Base fffff88015e70000 Limit fffff88015e6a000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15e6f7e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e6f920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15e6f9e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15e6fa90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`15e6fb20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`15e6fbd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e6fc40) 00000071`db49f728 000007fe`f4fd36ad ntdll!NtRemoveIoCompletion+0xa 00000071`db49f730 000007fe`f6011962 KERNELBASE!GetQueuedCompletionStatus+0x39 00000071`db49f790 000007fe`eea539b3 KERNEL32!GetQueuedCompletionStatusStub+0x12 00000071`db49f7d0 000007fe`eea53927 mprtp!RealtimeProtection::CFilterCommunicatorBase::GetNextFilterRequest+0x53 00000071`db49f830 000007fe`eea53741 mprtp!RealtimeProtection::CFilterCommunicatorBase::GetNextFilterRequestEx+0x37 00000071`db49f880 000007fe`eea641be mprtp!RealtimeProtection::CFilterCommunicatorBase::CommunicatorMainFunction+0x2d8 00000071`db49f950 000007fe`f782707b mprtp!RealtimeProtection::CFilterCommunicatorBase::CommunicatorThread+0x2e 00000071`db49f9a0 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000071`db49f9d0 000007fe`f601167e msvcrt!endthreadex+0xac 00000071`db49fa00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`db49fa30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003dff080 Cid 0598.0684 Teb: 000007f6803d2000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 62603 Ticks: 15678525 (2:19:56:26.557) Context Switch Count 3912 IdealProcessor: 0 UserTime 00:00:08.049 KernelTime 00:00:00.405 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e76dd0 Current fffff88015e767a0 Base fffff88015e77000 Limit fffff88015e71000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bcdb00 Cid 0598.0688 Teb: 000007f6803d0000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15690558 Ticks: 50570 (0:00:13:08.897) Context Switch Count 5483 IdealProcessor: 0 UserTime 00:00:09.812 KernelTime 00:00:00.639 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e7ddd0 Current fffff88015e7d7a0 Base fffff88015e7e000 Limit fffff88015e78000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15e7d7e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e7d920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15e7d9e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15e7da90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`15e7db20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`15e7dbd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e7dc40) 00000071`db59f7e8 000007fe`f4fd36ad ntdll!NtRemoveIoCompletion+0xa 00000071`db59f7f0 000007fe`f6011962 KERNELBASE!GetQueuedCompletionStatus+0x39 00000071`db59f850 000007fe`eea539b3 KERNEL32!GetQueuedCompletionStatusStub+0x12 00000071`db59f890 000007fe`eea53927 mprtp!RealtimeProtection::CFilterCommunicatorBase::GetNextFilterRequest+0x53 00000071`db59f8f0 000007fe`eea53741 mprtp!RealtimeProtection::CFilterCommunicatorBase::GetNextFilterRequestEx+0x37 00000071`db59f940 000007fe`eea641be mprtp!RealtimeProtection::CFilterCommunicatorBase::CommunicatorMainFunction+0x2d8 00000071`db59fa10 000007fe`f782707b mprtp!RealtimeProtection::CFilterCommunicatorBase::CommunicatorThread+0x2e 00000071`db59fa60 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000071`db59fa90 000007fe`f601167e msvcrt!endthreadex+0xac 00000071`db59fac0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`db59faf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003dec080 Cid 0598.068c Teb: 000007f6803ce000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 62603 Ticks: 15678525 (2:19:56:26.557) Context Switch Count 354 IdealProcessor: 0 UserTime 00:00:00.514 KernelTime 00:00:00.031 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e84dd0 Current fffff88015e847a0 Base fffff88015e85000 Limit fffff88015e7f000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003decb00 Cid 0598.0690 Teb: 000007f6803cc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039a07c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15736594 Ticks: 4534 (0:00:01:10.730) Context Switch Count 1014 IdealProcessor: 0 UserTime 00:00:01.825 KernelTime 00:00:00.187 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e8bdd0 Current fffff88015e8b7a0 Base fffff88015e8c000 Limit fffff88015e86000 Call 0 Priority 4 BasePriority 4 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 1 Child-SP RetAddr Call Site fffff880`15e8b7e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e8b920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15e8b9e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15e8ba90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`15e8bb20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`15e8bbd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e8bc40) 00000071`db69f998 000007fe`f4fd36ad ntdll!NtRemoveIoCompletion+0xa 00000071`db69f9a0 000007fe`f6011962 KERNELBASE!GetQueuedCompletionStatus+0x39 00000071`db69fa00 000007fe`eea539b3 KERNEL32!GetQueuedCompletionStatusStub+0x12 00000071`db69fa40 000007fe`eea53927 mprtp!RealtimeProtection::CFilterCommunicatorBase::GetNextFilterRequest+0x53 00000071`db69faa0 000007fe`eea53741 mprtp!RealtimeProtection::CFilterCommunicatorBase::GetNextFilterRequestEx+0x37 00000071`db69faf0 000007fe`eea641be mprtp!RealtimeProtection::CFilterCommunicatorBase::CommunicatorMainFunction+0x2d8 00000071`db69fbc0 000007fe`f782707b mprtp!RealtimeProtection::CFilterCommunicatorBase::CommunicatorThread+0x2e 00000071`db69fc10 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000071`db69fc40 000007fe`f601167e msvcrt!endthreadex+0xac 00000071`db69fc70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`db69fca0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e0db00 Cid 0598.06cc Teb: 000007f6803ca000 Win32Thread: fffff90100695b90 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject IRP List: fffffa8001d57850: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15736443 Ticks: 4685 (0:00:01:13.086) Context Switch Count 5746 IdealProcessor: 0 UserTime 00:00:11.980 KernelTime 00:00:01.435 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e30dd0 Current fffff88015e30760 Base fffff88015e31000 Limit fffff88015e2b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15e307a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e308e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15e309a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15e30a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15e30ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15e30c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e30c40) 00000071`e047f808 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000071`e047f810 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000071`e047fab0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`e047fae0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e43080 Cid 0598.04ec Teb: 000007f68050a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d8d580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 3521 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e92dd0 Current fffff88015e92760 Base fffff88015e93000 Limit fffff88015e8d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15e927a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e928e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15e929a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15e92a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15e92ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15e92c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e92c40) 00000071`dab3f6b8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000071`dab3f6c0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000071`dab3f960 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`dab3f990 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002612980 Cid 0598.08e4 Teb: 000007f680504000 Win32Thread: fffff901006f3010 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 1419 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161b8dd0 Current fffff880161b8760 Base fffff880161b9000 Limit fffff880161b3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`161b87a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`161b88e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`161b89a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`161b8a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`161b8ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`161b8c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161b8c40) 00000071`dac3fa48 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000071`dac3fa50 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000071`dac3fcf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`dac3fd20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80041af080 Cid 0598.03a4 Teb: 000007f6803a8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740224 Ticks: 904 (0:00:00:14.102) Context Switch Count 77 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017468dd0 Current fffff88017468760 Base fffff88017469000 Limit fffff88017463000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`174687a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174688e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`174689a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17468a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17468ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17468c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17468c40) 00000071`e4b8f548 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000071`e4b8f550 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000071`e4b8f7f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`e4b8f820 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002cf5b00 Cid 0598.0f54 Teb: 000007f6803a4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f337b0 NotificationEvent fffffa8003dde9b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15737894 Ticks: 3234 (0:00:00:50.450) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015109dd0 Current fffff88015109180 Base fffff8801510a000 Limit fffff88015104000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 *** ERROR: Symbol file could not be found. Defaulted to export symbols for mpengine.dll - Child-SP RetAddr Call Site fffff880`151091c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15109300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`151093c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15109470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15109980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15109bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15109c40) 00000071`e633f628 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000071`e633f630 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000071`e633f910 000007fe`e261eccc KERNEL32!WaitForMultipleObjects+0x12 00000071`e633f950 000007fe`e261ece7 mpengine!rsignal+0x12ca2c 00000071`e633f980 00000000`00000000 mpengine!rsignal+0x12ca47 THREAD fffffa8001d1d700 Cid 0598.0e38 Teb: 000007f6803c8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d8d580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 108 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016581dd0 Current fffff88016581760 Base fffff88016582000 Limit fffff8801657c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`165817a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165818e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`165819a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16581a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`16581ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16581c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16581c40) 00000071`dae3fad8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000071`dae3fae0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000071`dae3fd80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000071`dae3fdb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8003d8f080 SessionId: 0 Cid: 063c Peb: 7f6e696f000 ParentCid: 03f0 DirBase: 0a9ad000 ObjectTable: fffff8a0005f2f00 HandleCount: Image: dasHost.exe VadRoot fffffa8003d88520 Vads 91 Clone 0 Private 622. Modified 91. Locked 0. DeviceMap fffff8a002487200 Token fffff8a00667b770 ElapsedTime 2 Days 20:09:57.870 UserTime 00:00:00.171 KernelTime 00:00:00.171 QuotaPoolUsage[PagedPool] 147056 QuotaPoolUsage[NonPagedPool] 11888 Working Set Sizes (now,min,max) (2803, 50, 345) (11212KB, 200KB, 1380KB) PeakWorkingSetSize 3077 VirtualSize 68 Mb PeakVirtualSize 80 Mb PageFaultCount 3908 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 881 Setting context for this process... .process /p /r fffffa8003d8f080 THREAD fffffa8003d82500 Cid 063c.0640 Teb: 000007f6e696d000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bbe6a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 11259 Ticks: 15729869 (2:20:09:47.529) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address dashost!wmainCRTStartup (0x000007f6e73fbe5c) Stack Init fffff88014f33dd0 Current fffff88014f33900 Base fffff88014f34000 Limit fffff88014f2e000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e29b00 Cid 063c.0124 Teb: 000007f6e6963000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8003e29ea8 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a006688cf0 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679171 Ticks: 61957 (0:00:16:06.535) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SSDPAPI!GetNotificationLoop (0x000007feeef05c38) Stack Init fffff880161a3dd0 Current fffff880161a3660 Base fffff880161a4000 Limit fffff8801619e000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`161a36a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`161a37e0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`161a38a0 fffff802`b3af1a0a nt!KeWaitForSingleObject+0x1cf fffff880`161a3930 fffff802`b3ebbbd6 nt!AlpcpSignalAndWait+0x34a fffff880`161a39e0 fffff802`b3ebb762 nt!AlpcpReceiveSynchronousReply+0x46 fffff880`161a3a40 fffff802`b3ec19c2 nt!AlpcpProcessSynchronousRequest+0x350 fffff880`161a3b20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0x172 fffff880`161a3bd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161a3c40) 00000053`426ff318 000007fe`f5beb3ef ntdll!NtAlpcSendWaitReceivePort+0xa 00000053`426ff320 000007fe`f5cf6df2 RPCRT4!LRPC_CCALL::SendReceive+0x14f 00000053`426ff400 000007fe`f5cf7d09 RPCRT4!NdrpClientCall3+0x725 00000053`426ff750 000007fe`eef05cbb RPCRT4!NdrClientCall3+0xed 00000053`426ffae0 000007fe`f601167e SSDPAPI!GetNotificationLoop+0x83 00000053`426ffb50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000053`426ffb80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003fc4b00 Cid 063c.0828 Teb: 000007f6e683e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f64cc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679298 Ticks: 61830 (0:00:16:04.554) Context Switch Count 27 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161aadd0 Current fffff880161aa760 Base fffff880161ab000 Limit fffff880161a5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`161aa7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`161aa8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`161aa9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`161aaa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`161aaae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`161aac40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161aac40) 00000053`4277fa18 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000053`4277fa20 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000053`4277fcc0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000053`4277fcf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001f23740 Cid 063c.0d28 Teb: 000007f6e6965000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b0d280 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15703645 Ticks: 37483 (0:00:09:44.738) Context Switch Count 1173 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015406dd0 Current fffff88015406760 Base fffff88015407000 Limit fffff88015401000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`154067a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`154068e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`154069a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15406a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15406ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15406c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15406c40) 00000053`4267f888 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000053`4267f890 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000053`4267fb30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000053`4267fb60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8003eec940 SessionId: 0 Cid: 07e8 Peb: 7f6fa92f000 ParentCid: 0220 DirBase: 3fdd9000 ObjectTable: fffff8a0006d3f00 HandleCount: Image: svchost.exe VadRoot fffffa8003ef2610 Vads 162 Clone 0 Private 1095. Modified 369. Locked 134. DeviceMap fffff8a002487200 Token fffff8a0027da770 ElapsedTime 2 Days 20:09:34.985 UserTime 00:00:00.374 KernelTime 00:00:00.390 QuotaPoolUsage[PagedPool] 194616 QuotaPoolUsage[NonPagedPool] 32784 Working Set Sizes (now,min,max) (4377, 50, 345) (17508KB, 200KB, 1380KB) PeakWorkingSetSize 4553 VirtualSize 94 Mb PeakVirtualSize 99 Mb PageFaultCount 9698 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1532 Setting context for this process... .process /p /r fffffa8003eec940 THREAD fffffa8003ee5800 Cid 07e8.07ec Teb: 000007f6fa92d000 Win32Thread: fffff901006993a0 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039b6c30 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733059 Ticks: 8069 (0:00:02:05.877) Context Switch Count 75 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88016061dd0 Current fffff88016061900 Base fffff88016062000 Limit fffff8801605c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`16061940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16061a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16061b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`16061bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`16061c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16061c40) 00000055`9050faf8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000055`9050fb00 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 00000055`9050fba0 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 00000055`9050fce0 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 00000055`9050fde0 000007f6`fb7a2187 sechost!StartServiceCtrlDispatcherW+0x54 00000055`9050fe20 000007f6`fb7a2742 svchost!wmain+0x269 00000055`9050fe70 000007fe`f601167e svchost!_wmainCRTStartup+0x74 00000055`9050fea0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9050fed0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f00080 Cid 07e8.03fc Teb: 000007f6fa92b000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc2620 NotificationEvent fffffa8003e24c40 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679171 Ticks: 61957 (0:00:16:06.535) Context Switch Count 1587 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.109 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016084dd0 Current fffff88016084180 Base fffff88016085000 Limit fffff8801607f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`160841c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16084300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`160843c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16084470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16084980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16084bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16084c40) 00000055`90bde758 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000055`90bde760 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000055`90bdea40 000007fe`ed351fd0 KERNEL32!WaitForMultipleObjects+0x12 00000055`90bdea80 000007fe`f5be2005 ssdpsrv!GetNotificationRpc+0x70 00000055`90bdeac0 000007fe`f5cf6221 RPCRT4!Invoke+0x65 00000055`90bdeb10 000007fe`f5be3cdc RPCRT4!Ndr64StubWorker+0xc01 00000055`90bdf180 000007fe`f5be22a4 RPCRT4!NdrServerCallAll+0x3c 00000055`90bdf1d0 000007fe`f5be21bd RPCRT4!DispatchToStubInCNoAvrf+0x14 00000055`90bdf220 000007fe`f5be2db3 RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x17d 00000055`90bdf3c0 000007fe`f5be29fc RPCRT4!LRPC_SCALL::DispatchRequest+0x91e 00000055`90bdf4c0 000007fe`f5be27ad RPCRT4!LRPC_SCALL::HandleRequest+0x7d2 00000055`90bdf610 000007fe`f5be160b RPCRT4!LRPC_ADDRESS::ProcessIO+0x17bb 00000055`90bdf780 000007fe`f7ecc57b RPCRT4!LrpcIoComplete+0x97 00000055`90bdf810 000007fe`f7ec85c6 ntdll!TppAlpcpExecuteCallback+0x21b 00000055`90bdf930 000007fe`f601167e ntdll!TppWorkerThread+0x388 00000055`90bdfbd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`90bdfc00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f17080 Cid 07e8.04dc Teb: 000007f6fa923000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f0acc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15685436 Ticks: 55692 (0:00:14:28.800) Context Switch Count 39 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160dfdd0 Current fffff880160df760 Base fffff880160e0000 Limit fffff880160da000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`160df7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`160df8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`160df9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`160dfa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`160dfae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`160dfc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160dfc40) 00000055`9139f4d8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`9139f4e0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`9139f780 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9139f7b0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e1e080 Cid 07e8.0608 Teb: 000007f6fa7fa000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80039e2380 NotificationEvent IRP List: fffffa80027a28a0: (0006,01f0) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741084 Ticks: 44 (0:00:00:00.686) Context Switch Count 381 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ssdpsrv!CSsdpSearchRequestManager::DwSearchThreadProc (0x000007feed350ce0) Stack Init fffff880160bcdd0 Current fffff880160bc900 Base fffff880160bd000 Limit fffff880160b7000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`160bc940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`160bca80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`160bcb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`160bcbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`160bcc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160bcc40) 00000055`9161f398 000007fe`f4641d19 ntdll!NtWaitForSingleObject+0xa 00000055`9161f3a0 000007fe`f46481b2 mswsock!SockWaitForSingleObject+0x139 00000055`9161f420 000007fe`f5b82e8d mswsock!WSPSelect+0x4f5 00000055`9161f5c0 000007fe`ed347625 WS2_32!select+0x185 00000055`9161f6b0 000007fe`ed3474a7 ssdpsrv!CSsdpSearchSocketManager::GetReadableSocketCount+0x125 00000055`9161f700 000007fe`f601167e ssdpsrv!CSsdpSearchRequestManager::DwThreadFunc+0x88 00000055`9161f9a0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9161f9d0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f78080 Cid 07e8.05f8 Teb: 000007f6fa7f6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800366e3e0 SynchronizationEvent fffffa800372e3f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741009 Ticks: 119 (0:00:00:01.856) Context Switch Count 783 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ssdpsrv!CReceiveDataManager::ThreadFunc (0x000007feed3431b0) Stack Init fffff8801600ddd0 Current fffff8801600d180 Base fffff8801600e000 Limit fffff88016008000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1600d1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1600d300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1600d3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1600d470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1600d980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1600dbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1600dc40) 00000055`9171f7e8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000055`9171f7f0 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000055`9171fad0 000007fe`ed3433a3 KERNEL32!WaitForMultipleObjects+0x12 00000055`9171fb10 000007fe`f601167e ssdpsrv!CReceiveDataManager::ThreadFunc+0x1fb 00000055`9171fc70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9171fca0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e04080 Cid 07e8.02c8 Teb: 000007f6fa7f4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80039d7940 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679291 Ticks: 61837 (0:00:16:04.663) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016172dd0 Current fffff88016172760 Base fffff88016173000 Limit fffff8801616d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`161727a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`161728e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`161729a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16172a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`16172ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16172c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16172c40) 00000055`9179fc18 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`9179fc20 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`9179fec0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9179fef0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003df94c0 Cid 07e8.0248 Teb: 000007f6fa7ee000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc2620 NotificationEvent fffffa8003e24820 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13514 Ticks: 15727614 (2:20:09:12.350) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016195dd0 Current fffff88016195180 Base fffff88016196000 Limit fffff88016190000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e8d880 Cid 07e8.0544 Teb: 000007f6fa7e6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ea9d30 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 18772 Ticks: 15722356 (2:20:07:50.325) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address FunDisc!CNotificationQueue::ThreadProc (0x000007feec2654c0) Stack Init fffff8801616bdd0 Current fffff8801616b900 Base fffff8801616c000 Limit fffff88016166000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ef7b00 Cid 07e8.04a8 Teb: 000007f6fa7e4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8004018400 SynchronizationEvent fffffa8003d898b0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 18771 Ticks: 15722357 (2:20:07:50.341) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address FunDisc!CRegProvider::ThreadProc (0x000007feec27708c) Stack Init fffff88016099dd0 Current fffff88016099180 Base fffff8801609a000 Limit fffff88016094000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f26080 Cid 07e8.057c Teb: 000007f6fa7e2000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f28380 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679660 Ticks: 61468 (0:00:15:58.906) Context Switch Count 132 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801613add0 Current fffff8801613a760 Base fffff8801613b000 Limit fffff88016135000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1613a7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1613a8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1613a9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1613aa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1613aae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1613ac40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1613ac40) 00000055`91c1fa08 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`91c1fa10 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`91c1fcb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`91c1fce0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003ed8b00 Cid 07e8.0874 Teb: 000007f6fa7f2000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e0c640 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679749 Ticks: 61379 (0:00:15:57.518) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162b6dd0 Current fffff880162b6760 Base fffff880162b7000 Limit fffff880162b1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`162b67a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`162b68e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`162b69a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`162b6a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`162b6ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`162b6c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162b6c40) 00000055`9181fb18 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`9181fb20 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`9181fdc0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9181fdf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002c4fb00 Cid 07e8.0bd4 Teb: 000007f6fa929000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f5f980 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679738 Ticks: 61390 (0:00:15:57.690) Context Switch Count 95 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801608bdd0 Current fffff8801608b760 Base fffff8801608c000 Limit fffff88016086000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1608b7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1608b8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1608b9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1608ba50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1608bae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1608bc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1608bc40) 00000055`90c5f598 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`90c5f5a0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`90c5f840 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`90c5f870 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003657b00 Cid 07e8.0734 Teb: 000007f6fa925000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc2620 NotificationEvent fffffa8002c64930 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680365 Ticks: 60763 (0:00:15:47.908) Context Switch Count 1198 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164bddd0 Current fffff880164bd180 Base fffff880164be000 Limit fffff880164b8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`164bd1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`164bd300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`164bd3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`164bd470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`164bd980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`164bdbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164bdc40) 00000055`90d5e9f8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000055`90d5ea00 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000055`90d5ece0 000007fe`ed351fd0 KERNEL32!WaitForMultipleObjects+0x12 00000055`90d5ed20 000007fe`f5be2005 ssdpsrv!GetNotificationRpc+0x70 00000055`90d5ed60 000007fe`f5cf6221 RPCRT4!Invoke+0x65 00000055`90d5edb0 000007fe`f5be3cdc RPCRT4!Ndr64StubWorker+0xc01 00000055`90d5f420 000007fe`f5be22a4 RPCRT4!NdrServerCallAll+0x3c 00000055`90d5f470 000007fe`f5be21bd RPCRT4!DispatchToStubInCNoAvrf+0x14 00000055`90d5f4c0 000007fe`f5be2db3 RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x17d 00000055`90d5f660 000007fe`f5be29fc RPCRT4!LRPC_SCALL::DispatchRequest+0x91e 00000055`90d5f760 000007fe`f5be27ad RPCRT4!LRPC_SCALL::HandleRequest+0x7d2 00000055`90d5f8b0 000007fe`f5be160b RPCRT4!LRPC_ADDRESS::ProcessIO+0x17bb 00000055`90d5fa20 000007fe`f7ecc57b RPCRT4!LrpcIoComplete+0x97 00000055`90d5fab0 000007fe`f7ec85c6 ntdll!TppAlpcpExecuteCallback+0x21b 00000055`90d5fbd0 000007fe`f601167e ntdll!TppWorkerThread+0x388 00000055`90d5fe70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`90d5fea0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d51080 Cid 07e8.0be0 Teb: 000007f6fa7e0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001cf0cb0 NotificationEvent fffffa80027a8800 SynchronizationEvent IRP List: fffffa8003e1f620: (0006,01f0) Flags: 00060030 Mdl: fffffa80037368b0 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679261 Ticks: 61867 (0:00:16:05.131) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address upnphost!BaseHttpListener::DoReceiveRequestHeadersStub (0x000007feeae57300) Stack Init fffff88015f8edd0 Current fffff88015f8e180 Base fffff88015f8f000 Limit fffff88015f89000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15f8e1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15f8e300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`15f8e3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15f8e470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15f8e980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15f8ebd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f8ec40) 00000055`9227fb18 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000055`9227fb20 000007fe`eae42dd9 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000055`9227fe00 000007fe`f601167e upnphost!BaseHttpListener::DoReceiveRequestHeaders+0x169 00000055`9227fea0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9227fed0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c87b00 Cid 07e8.0b24 Teb: 000007f6fa7d6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c6fa80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 40 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address upnphost!SVSThreadPool::SVSThreadPoolWorkerThread (0x000007feeae863d0) Stack Init fffff8801606fdd0 Current fffff8801606f900 Base fffff88016070000 Limit fffff8801606a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1606f940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1606fa80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1606fb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`1606fbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`1606fc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1606fc40) 00000055`9247f788 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000055`9247f790 000007fe`eae8645d KERNELBASE!WaitForSingleObjectEx+0x92 00000055`9247f830 000007fe`eae863d9 upnphost!SVSThreadPool::Worker+0x75 00000055`9247f880 000007fe`f601167e upnphost!SVSThreadPool::SVSThreadPoolWorkerThread+0x9 00000055`9247f8b0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9247f8e0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e1ab00 Cid 07e8.0d80 Teb: 000007f6fa7d4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001cf0d30 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 37 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address upnphost!SVSThreadPool::SVSThreadPoolWorkerThread (0x000007feeae863d0) Stack Init fffff8801740ddd0 Current fffff8801740d900 Base fffff8801740e000 Limit fffff88017408000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1740d940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1740da80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1740db40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`1740dbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`1740dc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1740dc40) 00000055`924ffbb8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000055`924ffbc0 000007fe`eae8645d KERNELBASE!WaitForSingleObjectEx+0x92 00000055`924ffc60 000007fe`eae863d9 upnphost!SVSThreadPool::Worker+0x75 00000055`924ffcb0 000007fe`f601167e upnphost!SVSThreadPool::SVSThreadPoolWorkerThread+0x9 00000055`924ffce0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`924ffd10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d0c080 Cid 07e8.0ca8 Teb: 000007f6fa7cc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dbf240 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679404 Ticks: 61724 (0:00:16:02.900) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801624ddd0 Current fffff8801624d760 Base fffff8801624e000 Limit fffff88016248000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1624d7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1624d8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1624d9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1624da50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1624dae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1624dc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1624dc40) 00000055`926ff758 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`926ff760 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`926ffa00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`926ffa30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e1a280 Cid 07e8.0b08 Teb: 000007f6fa7dc000 Win32Thread: fffff90100702b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003642e90 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15729717 Ticks: 11411 (0:00:02:58.012) Context Switch Count 109 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017500dd0 Current fffff880175005f0 Base fffff88017501000 Limit fffff880174fb000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`17500630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17500770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17500830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`175008c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`17500970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`17500a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`17500a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`17500bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`17500c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17500c40) 00000055`9237fa28 000007fe`f56c1ef5 user32!NtUserGetMessage+0xa 00000055`9237fa30 000007fe`f7ba9f50 user32!GetMessageW+0x25 00000055`9237fa60 000007fe`f7b74d49 combase!CDllHost::STAWorkerLoop+0x54 00000055`9237fad0 000007fe`f7b32218 combase!CDllHost::WorkerThread+0xc1 00000055`9237fb10 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 00000055`9237fd80 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 00000055`9237fdb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9237fde0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800218f9c0 Cid 07e8.0630 Teb: 000007f6fa7fe000 Win32Thread: fffff901006d7b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80033a39f0 Semaphore Limit 0x1f4 fffffa8002cfe8b0 NotificationEvent fffffa8003dc2620 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740815 Ticks: 313 (0:00:00:04.882) Context Switch Count 272 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161cddd0 Current fffff880161cd180 Base fffff880161ce000 Limit fffff880161c8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 1 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`161cd1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`161cd300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`161cd3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`161cd470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`161cd980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`161cdbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161cdc40) 00000055`9159e358 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000055`9159e360 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000055`9159e640 000007fe`ed347b76 KERNEL32!WaitForMultipleObjects+0x12 00000055`9159e680 000007fe`f5be2005 ssdpsrv!CSsdpSearchRequest::HrGetSearchNotification+0x76 00000055`9159e6d0 000007fe`f5cf6221 RPCRT4!Invoke+0x65 00000055`9159e720 000007fe`f5be3cdc RPCRT4!Ndr64StubWorker+0xc01 00000055`9159ed90 000007fe`f5be22a4 RPCRT4!NdrServerCallAll+0x3c 00000055`9159ede0 000007fe`f5be21bd RPCRT4!DispatchToStubInCNoAvrf+0x14 00000055`9159ee30 000007fe`f5be2db3 RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x17d 00000055`9159efd0 000007fe`f5be29fc RPCRT4!LRPC_SCALL::DispatchRequest+0x91e 00000055`9159f0d0 000007fe`f5be27ad RPCRT4!LRPC_SCALL::HandleRequest+0x7d2 00000055`9159f220 000007fe`f5be160b RPCRT4!LRPC_ADDRESS::ProcessIO+0x17bb 00000055`9159f390 000007fe`f7ecc57b RPCRT4!LrpcIoComplete+0x97 00000055`9159f420 000007fe`f7ec85c6 ntdll!TppAlpcpExecuteCallback+0x21b 00000055`9159f540 000007fe`f601167e ntdll!TppWorkerThread+0x388 00000055`9159f7e0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9159f810 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003d84b00 Cid 07e8.0c7c Teb: 000007f6fa927000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e1eb80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736886 Ticks: 4242 (0:00:01:06.175) Context Switch Count 120 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017084dd0 Current fffff88017084760 Base fffff88017085000 Limit fffff8801707f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`170847a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170848e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`170849a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17084a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17084ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17084c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17084c40) 00000055`90cdf7d8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`90cdf7e0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`90cdfa80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`90cdfab0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80030739c0 Cid 07e8.0bb4 Teb: 000007f6fa7fc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e1eb80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741009 Ticks: 119 (0:00:00:01.856) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801506fdd0 Current fffff8801506f760 Base fffff88015070000 Limit fffff8801506a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1506f7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1506f8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1506f9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1506fa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1506fae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1506fc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1506fc40) 00000055`9169f5d8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`9169f5e0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`9169f880 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9169f8b0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002ef9b00 Cid 07e8.01f0 Teb: 000007f6fa7ec000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e1eb80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741084 Ticks: 44 (0:00:00:00.686) Context Switch Count 44 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016518dd0 Current fffff88016518760 Base fffff88016519000 Limit fffff88016513000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`165187a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165188e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`165189a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16518a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`16518ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16518c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16518c40) 00000055`91a1fa88 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`91a1fa90 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`91a1fd30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`91a1fd60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80041b25c0 Cid 07e8.0f2c Teb: 000007f6fa7f8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036dcbc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740864 Ticks: 264 (0:00:00:04.118) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88002f17dd0 Current fffff88002f17760 Base fffff88002f18000 Limit fffff88002f12000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f177a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f178e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`02f179a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`02f17a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`02f17ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`02f17c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`02f17c40) 00000055`9189f548 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`9189f550 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`9189f7f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9189f820 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d3db00 Cid 07e8.0490 Teb: 000007f6fa7f0000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036dcbc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741084 Ticks: 44 (0:00:00:00.686) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801651fdd0 Current fffff8801651f760 Base fffff88016520000 Limit fffff8801651a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1651f7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1651f8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1651f9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1651fa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1651fae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1651fc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1651fc40) 00000055`9199fa28 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`9199fa30 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`9199fcd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`9199fd00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8003fea3c0 SessionId: 0 Cid: 08a8 Peb: 7f6fb20f000 ParentCid: 0220 DirBase: 4ae86000 ObjectTable: fffff8a000853600 HandleCount: Image: svchost.exe VadRoot fffffa80033ae0b0 Vads 200 Clone 0 Private 822. Modified 304. Locked 656. DeviceMap fffff8a002487200 Token fffff8a0028468b0 ElapsedTime 2 Days 20:09:10.711 UserTime 00:00:00.031 KernelTime 00:00:00.062 QuotaPoolUsage[PagedPool] 102632 QuotaPoolUsage[NonPagedPool] 28944 Working Set Sizes (now,min,max) (2801, 50, 345) (11204KB, 200KB, 1380KB) PeakWorkingSetSize 3009 VirtualSize 836 Mb PeakVirtualSize 1090 Mb PageFaultCount 5937 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1556 Setting context for this process... .process /p /r fffffa8003fea3c0 THREAD fffffa8003fd3600 Cid 08a8.08ac Teb: 000007f6fb20d000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800394a600 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679225 Ticks: 61903 (0:00:16:05.692) Context Switch Count 36 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880162d2dd0 Current fffff880162d2900 Base fffff880162d3000 Limit fffff880162cd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`162d2940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`162d2a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`162d2b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`162d2bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`162d2c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162d2c40) 00000083`e7e0f418 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000083`e7e0f420 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 00000083`e7e0f4c0 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 00000083`e7e0f600 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 00000083`e7e0f700 000007f6`fb7a2187 sechost!StartServiceCtrlDispatcherW+0x54 00000083`e7e0f740 000007f6`fb7a2742 svchost!wmain+0x269 00000083`e7e0f790 000007fe`f601167e svchost!_wmainCRTStartup+0x74 00000083`e7e0f7c0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000083`e7e0f7f0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f6fb00 Cid 08a8.08b0 Teb: 000007f6fb20b000 Win32Thread: fffff901000cc010 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739419 Ticks: 1709 (0:00:00:26.660) Context Switch Count 11047 IdealProcessor: 0 UserTime 00:00:00.171 KernelTime 00:00:00.265 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162cbdd0 Current fffff880162cb760 Base fffff880162cc000 Limit fffff880162c6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`162cb7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`162cb8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`162cb9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`162cba50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`162cbae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`162cbc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162cbc40) 00000083`e7f5f848 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000083`e7f5f850 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000083`e7f5faf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000083`e7f5fb20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003857080 Cid 08a8.0990 Teb: 000007f6fb207000 Win32Thread: fffff901006d9b90 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739419 Ticks: 1709 (0:00:00:26.660) Context Switch Count 9229 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.156 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162e7dd0 Current fffff880162e7760 Base fffff880162e8000 Limit fffff880162e2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`162e77a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`162e78e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`162e79a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`162e7a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`162e7ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`162e7c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162e7c40) 00000083`e81cf9e8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000083`e81cf9f0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000083`e81cfc90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000083`e81cfcc0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018fc080 Cid 08a8.0998 Teb: 000007f6fb0de000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f95480 SynchronizationEvent fffffa8003f22720 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15160 Ticks: 15725968 (2:20:08:46.673) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pnrpsvc!CPnrpCloudManager::PnrpRegNotifyThreadProc (0x000007fef1ceb31c) Stack Init fffff8801623edd0 Current fffff8801623e180 Base fffff8801623f000 Limit fffff88016239000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800261b080 Cid 08a8.0a24 Teb: 000007f6fb0da000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003de5620 NotificationEvent fffffa8003613a10 NotificationEvent fffffa8003f33d50 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679813 Ticks: 61315 (0:00:15:56.520) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pnrpsvc!CPnrpCloud::DrtEventThreadProc (0x000007fef1ce6398) Stack Init fffff88015014dd0 Current fffff88015014180 Base fffff88015015000 Limit fffff8801500f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`150141c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15014300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`150143c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15014470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15014980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15014bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15014c40) 00000083`fa26f888 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000083`fa26f890 000007fe`f1ce6425 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000083`fa26fb70 000007fe`f601167e pnrpsvc!CPnrpCloud::DrtEventThreadProc+0x8d 00000083`fa26fbd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000083`fa26fc00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002619080 Cid 08a8.0a54 Teb: 000007f6fb0dc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740763 Ticks: 365 (0:00:00:05.694) Context Switch Count 9809 IdealProcessor: 0 UserTime 00:00:00.124 KernelTime 00:00:00.124 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003ddfdd0 Current fffff88003ddf760 Base fffff88003de0000 Limit fffff88003dda000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03ddf7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03ddf8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`03ddf9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`03ddfa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`03ddfae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03ddfc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03ddfc40) 00000083`fa1cf6e8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000083`fa1cf6f0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000083`fa1cf990 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000083`fa1cf9c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80021a3600 Cid 08a8.0ce0 Teb: 000007f6fb0d4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741118 Ticks: 10 (0:00:00:00.156) Context Switch Count 3041 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016485dd0 Current fffff88016485760 Base fffff88016486000 Limit fffff88016480000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`164857a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`164858e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`164859a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16485a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`16485ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16485c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16485c40) 00000083`900ffad8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000083`900ffae0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000083`900ffd80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000083`900ffdb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800381a080 Cid 08a8.095c Teb: 000007f6fb203000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003673f60 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679761 Ticks: 61367 (0:00:15:57.331) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880163dddd0 Current fffff880163dd900 Base fffff880163de000 Limit fffff880163d8000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`163dd940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`163dda80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`163ddb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`163ddbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`163ddc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`163ddc40) 00000083`8010fa88 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000083`8010fa90 000007fe`eefff5ca KERNELBASE!WaitForSingleObjectEx+0x92 00000083`8010fb30 000007fe`eefff8d1 ESENT!OSSYNC::CSemaphore::_FAcquire+0x102 00000083`8010fbb0 000007fe`ef04ad45 ESENT!IOMgrIOPatrolDogThread+0x61 00000083`8010fc40 000007fe`f601167e ESENT!UtilThreadIThreadBase+0x21 00000083`8010fc80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000083`8010fcb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e5db00 Cid 08a8.091c Teb: 000007f6fb0d8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e3d3c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679779 Ticks: 61349 (0:00:15:57.050) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88016179dd0 Current fffff880161797a0 Base fffff8801617a000 Limit fffff88016174000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`161797e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16179920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`161799e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16179a90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`16179b20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`16179bd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16179c40) 00000083`8143fbf8 000007fe`f4fd36ad ntdll!NtRemoveIoCompletion+0xa 00000083`8143fc00 000007fe`f6011962 KERNELBASE!GetQueuedCompletionStatus+0x39 00000083`8143fc60 000007fe`ef0068cc KERNEL32!GetQueuedCompletionStatusStub+0x12 00000083`8143fca0 000007fe`ef04ad91 ESENT!CTaskManager::TMIDispatch+0x11c 00000083`8143fd40 000007fe`ef04ad45 ESENT!CTaskManager::TMDispatch+0x11 00000083`8143fd70 000007fe`f601167e ESENT!UtilThreadIThreadBase+0x21 00000083`8143fdb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000083`8143fde0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8004146080 Cid 08a8.0ad0 Teb: 000007f6fb209000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8004146428 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a0067d5770 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740815 Ticks: 313 (0:00:00:04.882) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SSDPAPI!CThreadBase::DwThreadProc (0x000007feeef0a9e8) Stack Init fffff880159bddd0 Current fffff880159bd660 Base fffff880159be000 Limit fffff880159b8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`159bd6a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`159bd7e0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`159bd8a0 fffff802`b3af1a0a nt!KeWaitForSingleObject+0x1cf fffff880`159bd930 fffff802`b3ebbbd6 nt!AlpcpSignalAndWait+0x34a fffff880`159bd9e0 fffff802`b3ebb762 nt!AlpcpReceiveSynchronousReply+0x46 fffff880`159bda40 fffff802`b3ec19c2 nt!AlpcpProcessSynchronousRequest+0x350 fffff880`159bdb20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0x172 fffff880`159bdbd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`159bdc40) 00000083`819fef28 000007fe`f5beb3ef ntdll!NtAlpcSendWaitReceivePort+0xa 00000083`819fef30 000007fe`f5cf6df2 RPCRT4!LRPC_CCALL::SendReceive+0x14f 00000083`819ff010 000007fe`f5cf7d09 RPCRT4!NdrpClientCall3+0x725 00000083`819ff360 000007fe`eef074b6 RPCRT4!NdrClientCall3+0xed 00000083`819ff6f0 000007fe`eef0aa2a SSDPAPI!CClientSsdpSearchRequest::DwThreadFunc+0x82 00000083`819ff760 000007fe`f601167e SSDPAPI!CThreadBase::DwThreadProc+0x42 00000083`819ff790 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000083`819ff7c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8002772940 SessionId: 0 Cid: 0bac Peb: 7f7e166e000 ParentCid: 0288 DirBase: 2428a000 ObjectTable: fffff8a0008cc040 HandleCount: Image: dllhost.exe VadRoot fffffa8003fa2240 Vads 54 Clone 0 Private 225. Modified 15. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a006a68060 ElapsedTime 2 Days 20:08:02.445 UserTime 00:00:00.031 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 64096 QuotaPoolUsage[NonPagedPool] 6848 Working Set Sizes (now,min,max) (1473, 50, 345) (5892KB, 200KB, 1380KB) PeakWorkingSetSize 1504 VirtualSize 33 Mb PeakVirtualSize 38 Mb PageFaultCount 1669 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 361 Setting context for this process... .process /p /r fffffa8002772940 THREAD fffffa8002c5c080 Cid 0bac.0bb0 Teb: 000007f7e166c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e75190 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 19238 Ticks: 15721890 (2:20:07:43.055) Context Switch Count 41 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address DllHost!wWinMainCRTStartup (0x000007f7e23511d4) Stack Init fffff88014e3edd0 Current fffff88014e3e900 Base fffff88014e3f000 Limit fffff88014e39000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80018ea5c0 Cid 0bac.0bc0 Teb: 000007f7e1664000 Win32Thread: fffff90100671b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8002767d30 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736660 Ticks: 4468 (0:00:01:09.701) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880151d4dd0 Current fffff880151d45f0 Base fffff880151d5000 Limit fffff880151cf000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`151d4630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`151d4770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`151d4830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`151d48c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`151d4970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`151d4a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`151d4a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`151d4bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`151d4c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151d4c40) 00000051`5970f888 000007fe`f56c1ef5 user32!NtUserGetMessage+0xa 00000051`5970f890 000007fe`f7ba9f50 user32!GetMessageW+0x25 00000051`5970f8c0 000007fe`f7b74d49 combase!CDllHost::STAWorkerLoop+0x54 00000051`5970f930 000007fe`f7b32218 combase!CDllHost::WorkerThread+0xc1 00000051`5970f970 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 00000051`5970fbe0 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 00000051`5970fc10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000051`5970fc40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002e1fb00 Cid 0bac.087c Teb: 000007f7e1538000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa8002e5a960 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 15711974 Ticks: 29154 (0:00:07:34.805) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff88016254dd0 Current fffff88016254180 Base fffff88016255000 Limit fffff8801624f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`162541c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16254300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`162543c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16254470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16254980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16254bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16254c40) 00000051`5a04f3c8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000051`5a04f3d0 000007fe`ea643790 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000051`5a04f6b0 000007fe`f601167e wlidprov!NotificationThread+0x3d0 00000051`5a04f7a0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000051`5a04f7d0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f7c080 Cid 0bac.0a78 Teb: 000007f7e166a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002dbcc80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 15710136 Ticks: 30992 (0:00:08:03.478) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158b8dd0 Current fffff880158b8760 Base fffff880158b9000 Limit fffff880158b3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`158b87a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158b88e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`158b89a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`158b8a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`158b8ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`158b8c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158b8c40) 00000051`5912f748 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000051`5912f750 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000051`5912f9f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000051`5912fa20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa80038e6940 SessionId: 0 Cid: 0270 Peb: 7f79c425000 ParentCid: 0220 DirBase: 3a2aa000 ObjectTable: fffff8a006c77c40 HandleCount: Image: SearchIndexer.exe VadRoot fffffa80037ce380 Vads 242 Clone 0 Private 1502. Modified 1352. Locked 1. DeviceMap fffff8a00000c340 Token fffff8a0069e5930 ElapsedTime 2 Days 20:07:06.627 UserTime 00:00:00.031 KernelTime 00:00:00.109 QuotaPoolUsage[PagedPool] 173944 QuotaPoolUsage[NonPagedPool] 31280 Working Set Sizes (now,min,max) (3413, 50, 345) (13652KB, 200KB, 1380KB) PeakWorkingSetSize 3807 VirtualSize 493 Mb PeakVirtualSize 730 Mb PageFaultCount 8551 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 3928 Setting context for this process... .process /p /r fffffa80038e6940 THREAD fffffa800260e700 Cid 0270.0750 Teb: 000007f79c42e000 Win32Thread: fffff901006c9b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036bfc70 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 132 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address SearchIndexer!WinMainCRTStartup (0x000007f79cd16f2c) Stack Init fffff8801643fdd0 Current fffff8801643f900 Base fffff88016440000 Limit fffff8801643a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1643f940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1643fa80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1643fb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`1643fbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`1643fc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1643fc40) 00000042`3a9ff548 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000042`3a9ff550 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 00000042`3a9ff5f0 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 00000042`3a9ff730 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 00000042`3a9ff830 000007f7`9cd175e1 sechost!StartServiceCtrlDispatcherW+0x54 00000042`3a9ff870 000007f7`9cd17591 SearchIndexer!CDcomService::ServiceStart+0x1d 00000042`3a9ff8a0 000007f7`9cd170c5 SearchIndexer!WinMain+0x4ae 00000042`3a9ffe50 000007fe`f601167e SearchIndexer!ATL::CAtlStringMgr::`vector deleting destructor'+0x2e5 00000042`3a9fff10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000042`3a9fff40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b9d080 Cid 0270.047c Teb: 000007f79c428000 Win32Thread: fffff901006af610 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003254860 SynchronizationEvent fffffa800395a460 SynchronizationEvent fffffa80038b67a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 34436 Ticks: 15706692 (2:20:03:45.965) Context Switch Count 281 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.078 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88016477dd0 Current fffff88016477180 Base fffff88016478000 Limit fffff88016472000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e86880 Cid 0270.0454 Teb: 000007f79c426000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80026a0420 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 63311 Ticks: 15677817 (2:19:56:15.512) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88015037dd0 Current fffff88015037900 Base fffff88015038000 Limit fffff88015032000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15037940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15037a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15037b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`15037bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`15037c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15037c40) 00000042`3bb7f688 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000042`3bb7f690 000007fe`eefff5ca KERNELBASE!WaitForSingleObjectEx+0x92 00000042`3bb7f730 000007fe`eefff8d1 ESENT!OSSYNC::CSemaphore::_FAcquire+0x102 00000042`3bb7f7b0 000007fe`ef04ad45 ESENT!IOMgrIOPatrolDogThread+0x61 00000042`3bb7f840 000007fe`f601167e ESENT!UtilThreadIThreadBase+0x21 00000042`3bb7f880 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000042`3bb7f8b0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003dd9b00 Cid 0270.06d8 Teb: 000007f79c2fe000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003994450 SynchronizationEvent fffffa8003d9ecb0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 25664 Ticks: 15715464 (2:20:06:02.809) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88014fc6dd0 Current fffff88014fc6180 Base fffff88014fc7000 Limit fffff88014fc1000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80027deb00 Cid 0270.0474 Teb: 000007f79c2fc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800383e380 NotificationEvent fffffa8003822860 NotificationEvent IRP List: fffffa8002d8e010: (0006,01f0) Flags: 00060800 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15682394 Ticks: 58734 (0:00:15:16.256) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address TQUERY!CThread::_ThreadFunction (0x000007feec7619e0) Stack Init fffff88015550dd0 Current fffff88015550180 Base fffff88015551000 Limit fffff8801554b000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`155501c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15550300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`155503c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15550470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15550980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15550bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15550c40) 00000042`4559f318 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000042`4559f320 000007fe`ec70d25f KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000042`4559f600 000007fe`ec7d55f0 TQUERY!CRequestQueue::DoWork+0xff 00000042`4559f730 000007fe`ec761a1e TQUERY!CCiQueryServer::QueryServerThreadProc+0x28 00000042`4559f770 000007fe`f601167e TQUERY!CThread::_ThreadFunction+0x3e 00000042`4559f7b0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000042`4559f7e0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80039d5b00 Cid 0270.0b84 Teb: 000007f79c2f8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bd14c0 SynchronizationEvent fffffa8003f87ec0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740796 Ticks: 332 (0:00:00:05.179) Context Switch Count 71 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.046 Win32 Start Address MSSRCH!CTimerThread::Thread (0x000007feec5139e4) Stack Init fffff880164d2dd0 Current fffff880164d2180 Base fffff880164d3000 Limit fffff880164cd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`164d21c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`164d2300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`164d23c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`164d2470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`164d2980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`164d2bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164d2c40) 00000042`45b2f548 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000042`45b2f550 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000042`45b2f830 000007fe`ec4c4f0d KERNEL32!WaitForMultipleObjects+0x12 00000042`45b2f870 000007fe`ec513c89 MSSRCH!CThread::WaitForEvent+0x95 00000042`45b2f8d0 000007fe`f601167e MSSRCH!CTimerThread::Thread+0x1ae 00000042`45b2f930 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000042`45b2f960 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80038a8080 Cid 0270.080c Teb: 000007f79c2f6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80031af3e0 SynchronizationEvent fffffa8003fdc6a0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741118 Ticks: 10 (0:00:00:00.156) Context Switch Count 341 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address MSSRCH!CBackoffTimerThread::Thread (0x000007feec4c5cc8) Stack Init fffff8801557add0 Current fffff8801557a180 Base fffff8801557b000 Limit fffff88015575000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1557a1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1557a300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1557a3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1557a470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1557a980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1557abd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1557ac40) 00000042`45baeee8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000042`45baeef0 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000042`45baf1d0 000007fe`ec4c4f0d KERNEL32!WaitForMultipleObjects+0x12 00000042`45baf210 000007fe`ec4c5dbc MSSRCH!CThread::WaitForEvent+0x95 00000042`45baf270 000007fe`f601167e MSSRCH!CBackoffTimerThread::Thread+0xec 00000042`45bafc60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000042`45bafc90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f1fb00 Cid 0270.086c Teb: 000007f79c2f4000 Win32Thread: fffff901006b53a0 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393fc90 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740796 Ticks: 332 (0:00:00:05.179) Context Switch Count 719 IdealProcessor: 0 UserTime 00:00:00.249 KernelTime 00:00:00.046 Win32 Start Address MSSRCH!CRobotThread::Thread (0x000007feec5626d0) Stack Init fffff8801650add0 Current fffff8801650a0f0 Base fffff8801650b000 Limit fffff88016505000 Call 0 Priority 8 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1650a130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1650a270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1650a330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`1650a3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`1650a470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1650a980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1650abd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1650ac40) 00000042`45c2ac48 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000042`45c2ac50 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000042`45c2af30 000007fe`ec4cbd88 KERNEL32!WaitForMultipleObjects+0x12 00000042`45c2af70 000007fe`f601167e MSSRCH!CRobotThread::Thread+0xd12 00000042`45c2fce0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000042`45c2fd10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b03080 Cid 0270.08ec Teb: 000007f79c2f2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f8be90 NotificationEvent fffffa8003882380 NotificationEvent fffffa8003ee2c50 NotificationEvent IRP List: fffffa80018ad010: (0006,03e8) Flags: 00060800 Mdl: fffffa8004144300 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740132 Ticks: 996 (0:00:00:15.537) Context Switch Count 11133 IdealProcessor: 0 UserTime 00:00:00.499 KernelTime 00:00:00.499 Win32 Start Address MSSRCH!CUsnMonitorNotifier::MonitorThreadStatic (0x000007feec55cc48) Stack Init fffff88016511dd0 Current fffff88016511180 Base fffff88016512000 Limit fffff8801650c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`165111c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16511300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`165113c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16511470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16511980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16511bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16511c40) 00000042`45cedaa8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000042`45cedab0 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000042`45cedd90 000007fe`ec4c44c5 KERNEL32!WaitForMultipleObjects+0x12 00000042`45ceddd0 000007fe`ec55cc6f MSSRCH!CUsnMonitorNotifier::Thread+0x482 00000042`45cefbf0 000007fe`f601167e MSSRCH!CUsnMonitorNotifier::MonitorThreadStatic+0x27 00000042`45cefc30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000042`45cefc60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001df9900 Cid 0270.0778 Teb: 000007f79c2f0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8001c40640 NotificationEvent IRP List: fffffa800261ed40: (0006,01f0) Flags: 00060900 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740879 Ticks: 249 (0:00:00:03.884) Context Switch Count 337 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.000 Win32 Start Address TQUERY!CThread::_ThreadFunction (0x000007feec7619e0) Stack Init fffff880165ffdd0 Current fffff880165ff900 Base fffff88016600000 Limit fffff880165fa000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`165ff940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165ffa80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`165ffb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`165ffbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`165ffc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165ffc40) 00000042`45d9f788 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000042`45d9f790 000007fe`ec6df9e9 KERNELBASE!WaitForSingleObjectEx+0x92 00000042`45d9f830 000007fe`ec70c743 TQUERY!CWorkQueue::Remove+0xb5 00000042`45d9f860 000007fe`ec761a1e TQUERY!CWorkThread::WorkerThread+0x23 00000042`45d9f8a0 000007fe`f601167e TQUERY!CThread::_ThreadFunction+0x3e 00000042`45d9f8e0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000042`45d9f910 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80038857c0 Cid 0270.0ee8 Teb: 000007f79c423000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037a1680 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15708736 Ticks: 32392 (0:00:08:25.318) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015887dd0 Current fffff88015887760 Base fffff88015888000 Limit fffff88015882000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`158877a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158878e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`158879a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15887a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15887ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15887c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15887c40) 00000042`45aafb58 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000042`45aafb60 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000042`45aafe00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000042`45aafe30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8001c4b080 SessionId: 0 Cid: 0ba8 Peb: 7f765435000 ParentCid: 0220 DirBase: 3c709000 ObjectTable: fffff8a000643200 HandleCount: Image: wmpnetwk.exe VadRoot fffffa8003012a20 Vads 151 Clone 0 Private 1119. Modified 1203. Locked 38. DeviceMap fffff8a0007b8aa0 Token fffff8a0066c3940 ElapsedTime 2 Days 20:05:55.272 UserTime 00:00:00.000 KernelTime 00:00:00.078 QuotaPoolUsage[PagedPool] 170680 QuotaPoolUsage[NonPagedPool] 25888 Working Set Sizes (now,min,max) (2099, 50, 345) (8396KB, 200KB, 1380KB) PeakWorkingSetSize 4035 VirtualSize 83 Mb PeakVirtualSize 86 Mb PageFaultCount 7272 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1441 Setting context for this process... .process /p /r fffffa8001c4b080 THREAD fffffa80018a6080 Cid 0ba8.03f8 Teb: 000007f76543e000 Win32Thread: fffff901006ef290 WAIT: (UserRequest) UserMode Non-Alertable fffffa80033e5220 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 147 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.046 Win32 Start Address wmpnetwk!wWinMainCRTStartup (0x000007f765e6d170) Stack Init fffff88015ecadd0 Current fffff88015eca900 Base fffff88015ecb000 Limit fffff88015ec5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15eca940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15ecaa80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15ecab40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`15ecabd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`15ecac40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15ecac40) 00000072`b79ff018 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000072`b79ff020 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 00000072`b79ff0c0 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 00000072`b79ff200 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 00000072`b79ff300 000007f7`65daab4f sechost!StartServiceCtrlDispatcherW+0x54 00000072`b79ff340 000007f7`65da7754 wmpnetwk!CNTService::StartServiceW+0x13f 00000072`b79ff390 000007f7`65e6cf42 wmpnetwk!wWinMain+0x564 00000072`b79ff870 000007fe`f601167e wmpnetwk!operator delete[]+0x2ea 00000072`b79ff930 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000072`b79ff960 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c8e680 Cid 0ba8.0820 Teb: 000007f765438000 Win32Thread: fffff901006f5010 WAIT: (UserRequest) UserMode Alertable fffffa8001d4b860 SynchronizationEvent fffffa8001ca5130 SynchronizationEvent fffffa8001d4d740 NotificationEvent fffffa8003818f20 SynchronizationEvent fffffa8003ea24e0 SynchronizationEvent fffffa8003e03140 SynchronizationEvent fffffa8001c09420 SynchronizationEvent fffffa8003ea2460 SynchronizationEvent fffffa8003863310 SynchronizationEvent IRP List: fffffa8003704c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15682130 Ticks: 58998 (0:00:15:20.374) Context Switch Count 727 IdealProcessor: 0 UserTime 00:00:00.140 KernelTime 00:00:00.062 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88016565dd0 Current fffff88016565180 Base fffff88016566000 Limit fffff88016560000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`165651c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16565300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`165653c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16565470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16565980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16565bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16565c40) 00000072`b858f358 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000072`b858f360 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000072`b858f640 000007f7`65db1b62 USER32!MsgWaitForMultipleObjectsEx+0x144 00000072`b858f6f0 000007f7`65daaf00 wmpnetwk!CWMCService::Run+0x1082 00000072`b858f9f0 000007fe`f55d4ac5 wmpnetwk!CNTService::ServiceMain+0x25d 00000072`b858fa60 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 00000072`b858fa90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000072`b858fac0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001ca1b00 Cid 0ba8.05f4 Teb: 000007f76530e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c0ad30 SynchronizationEvent fffffa8001c0acb0 SynchronizationEvent fffffa8003982ce0 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 27465 Ticks: 15713663 (2:20:05:34.713) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wmpnetwk!ATL::CWorkerThread::_WorkerThreadProc (0x000007f765de565c) Stack Init fffff880154e1dd0 Current fffff880154e1180 Base fffff880154e2000 Limit fffff880154dc000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cd9800 Cid 0ba8.07f4 Teb: 000007f76530c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c11c50 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 27466 Ticks: 15713662 (2:20:05:34.698) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wmpnetwk!CHMESharedLibraryMonitor::_RegistryWatchProc (0x000007f765e1e828) Stack Init fffff88015478dd0 Current fffff88015478900 Base fffff88015479000 Limit fffff88015473000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c55b00 Cid 0ba8.033c Teb: 000007f76530a000 Win32Thread: fffff901006f2710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bf3db0 SynchronizationEvent fffffa8003bdea28 NotificationEvent fffffa8003db1798 NotificationEvent IRP List: fffffa80018cac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15682395 Ticks: 58733 (0:00:15:16.240) Context Switch Count 818 IdealProcessor: 0 UserTime 00:00:00.655 KernelTime 00:00:00.468 Win32 Start Address wmpnetwk!CHMELibraryPathMonitor::_FolderWatchProc (0x000007f765e1f45c) Stack Init fffff880154e8dd0 Current fffff880154e8180 Base fffff880154e9000 Limit fffff880154e3000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`154e81c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`154e8300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`154e83c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`154e8470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`154e8980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`154e8bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154e8c40) 00000072`b890f498 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000072`b890f4a0 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000072`b890f780 000007f7`65e1f4e4 KERNEL32!WaitForMultipleObjects+0x12 00000072`b890f7c0 000007fe`f601167e wmpnetwk!CHMELibraryPathMonitor::_FolderWatchProc+0x88 00000072`b890f800 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000072`b890f830 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001cc3080 Cid 0ba8.055c Teb: 000007f765306000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8001c89ac0 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 28059 Ticks: 15713069 (2:20:05:25.447) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015f2cdd0 Current fffff88015f2c7a0 Base fffff88015f2d000 Limit fffff88015f27000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cc3700 Cid 0ba8.05dc Teb: 000007f765304000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001c89a00 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 28062 Ticks: 15713066 (2:20:05:25.400) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015045dd0 Current fffff88015045760 Base fffff88015046000 Limit fffff88015040000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c73b00 Cid 0ba8.06b0 Teb: 000007f765302000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c85e10 NotificationEvent fffffa8001c85e90 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15683120 Ticks: 58008 (0:00:15:04.930) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wmpnetwk!CRMELibraryInfoResponder::_RefreshPortsThread (0x000007f765e3d394) Stack Init fffff88015f4fdd0 Current fffff88015f4f180 Base fffff88015f50000 Limit fffff88015f4a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15f4f1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15f4f300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`15f4f3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15f4f470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15f4f980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15f4fbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f4fc40) 00000072`b8dafa08 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000072`b8dafa10 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000072`b8dafcf0 000007f7`65e3d4ff KERNEL32!WaitForMultipleObjects+0x12 00000072`b8dafd30 000007fe`f601167e wmpnetwk!CRMELibraryInfoResponder::_RefreshPortsThread+0x16c 00000072`b8dafd90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000072`b8dafdc0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d7f080 Cid 0ba8.0ad4 Teb: 000007f7652fa000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d81460 NotificationEvent fffffa8001c6e960 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15740879 Ticks: 249 (0:00:00:03.884) Context Switch Count 397 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address tquery!CRowsetAsynchNotification::_NotifyThread (0x000007feec7718e8) Stack Init fffff88016334dd0 Current fffff88016334180 Base fffff88016335000 Limit fffff8801632f000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`163341c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16334300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`163343c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16334470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16334980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16334bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16334c40) 00000072`b910f688 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000072`b910f690 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000072`b910f970 000007fe`ec771a32 KERNEL32!WaitForMultipleObjects+0x12 00000072`b910f9b0 000007fe`f601167e tquery!CRowsetAsynchNotification::_DoNotifications+0x13a 00000072`b910fa70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000072`b910faa0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800419c9c0 Cid 0ba8.03dc Teb: 000007f765308000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dc8b80 QueueObject IRP List: fffffa8001c62230: (0006,0118) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15692903 Ticks: 48225 (0:00:12:32.314) Context Switch Count 411 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170b5dd0 Current fffff880170b5760 Base fffff880170b6000 Limit fffff880170b0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`170b57a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170b58e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`170b59a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`170b5a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`170b5ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`170b5c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170b5c40) 00000072`b8a2f728 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000072`b8a2f730 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000072`b8a2f9d0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000072`b8a2fa00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001df5080 Cid 0ba8.0cb8 Teb: 000007f765300000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dc8b80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15679441 Ticks: 61687 (0:00:16:02.323) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017580dd0 Current fffff88017580760 Base fffff88017581000 Limit fffff8801757b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`175807a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175808e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`175809a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17580a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17580ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17580c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17580c40) 00000072`b8e7f708 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000072`b8e7f710 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000072`b8e7f9b0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000072`b8e7f9e0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8001d07940 SessionId: 1 Cid: 0acc Peb: 7f68f055000 ParentCid: 0ae4 DirBase: 3b81b000 ObjectTable: 00000000 HandleCount: 0. Image: explorer.exe VadRoot 0000000000000000 Vads 0 Clone 0 Private 6. Modified 11652. Locked 0. DeviceMap fffff8a006b36d60 Token fffff8a001380060 ElapsedTime 2 Days 20:05:20.434 UserTime 00:00:02.698 KernelTime 00:00:02.808 QuotaPoolUsage[PagedPool] 0 QuotaPoolUsage[NonPagedPool] 0 Working Set Sizes (now,min,max) (5, 50, 345) (20KB, 200KB, 1380KB) PeakWorkingSetSize 26782 VirtualSize 0 Mb PeakVirtualSize 513 Mb PageFaultCount 64065 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 0 Setting context for this process... .process /p /r fffffa8001d07940 No active threads PROCESS fffffa8001f4b940 SessionId: 2 Cid: 0a3c Peb: 7f6a5f5f000 ParentCid: 011c DirBase: 604c7000 ObjectTable: 00000000 HandleCount: 0. Image: smss.exe VadRoot 0000000000000000 Vads 0 Clone 0 Private 6. Modified 16. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a001ae65e0 ElapsedTime 2 Days 19:55:57.065 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 1088 QuotaPoolUsage[NonPagedPool] 0 Working Set Sizes (now,min,max) (5, 50, 345) (20KB, 200KB, 1380KB) PeakWorkingSetSize 158 VirtualSize 0 Mb PeakVirtualSize 5 Mb PageFaultCount 156 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 0 Setting context for this process... .process /p /r fffffa8001f4b940 No active threads PROCESS fffffa80020b0080 SessionId: 2 Cid: 0cdc Peb: 7f768c3f000 ParentCid: 0a3c DirBase: 5e728000 ObjectTable: fffff8a0035fd400 HandleCount: Image: csrss.exe VadRoot fffffa800215e1b0 Vads 92 Clone 0 Private 251. Modified 3384. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a00353a060 ElapsedTime 2 Days 19:55:56.909 UserTime 00:00:00.000 KernelTime 00:00:00.795 QuotaPoolUsage[PagedPool] 150264 QuotaPoolUsage[NonPagedPool] 18688 Working Set Sizes (now,min,max) (1068, 50, 345) (4272KB, 200KB, 1380KB) PeakWorkingSetSize 9535 VirtualSize 57 Mb PeakVirtualSize 61 Mb PageFaultCount 99816 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 442 Setting context for this process... .process /p /r fffffa80020b0080 THREAD fffffa8001c22080 Cid 0cdc.03d8 Teb: 000007f768c3b000 Win32Thread: fffff901000bab90 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8001c22428 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a00311e770 : queued at port fffffa8003781330 : owned by process fffffa8003740540 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 136 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address winsrv!TerminalServerRequestThread (0x000007fef4e21cb0) Stack Init fffff880170aedd0 Current fffff880170ae660 Base fffff880170af000 Limit fffff880170a9000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`170ae6a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170ae7e0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`170ae8a0 fffff802`b3af1a0a nt!KeWaitForSingleObject+0x1cf fffff880`170ae930 fffff802`b3ebbbd6 nt!AlpcpSignalAndWait+0x34a fffff880`170ae9e0 fffff802`b3ebb762 nt!AlpcpReceiveSynchronousReply+0x46 fffff880`170aea40 fffff802`b3ec19c2 nt!AlpcpProcessSynchronousRequest+0x350 fffff880`170aeb20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0x172 fffff880`170aebd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170aec40) 0000005c`8d04fb98 000007fe`f4e21f7e ntdll!NtAlpcSendWaitReceivePort+0xa 0000005c`8d04fba0 000007fe`f7f19d66 winsrv!TerminalServerRequestThread+0x2d1 0000005c`8d04fd00 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa8002126b00 Cid 0cdc.0a20 Teb: 000007f768c39000 Win32Thread: fffff90100661b90 WAIT: (UserRequest) UserMode Alertable fffffa80018936a0 SynchronizationEvent fffffa8001fb3fe0 SynchronizationEvent fffffa80033e2ee0 SynchronizationEvent fffffa80033ee280 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15680790 Ticks: 60338 (0:00:15:41.278) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.358 Win32 Start Address winsrv!NotificationThread (0x000007fef4e21630) Stack Init fffff880165a6dd0 Current fffff880165a6180 Base fffff880165a7000 Limit fffff880165a1000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`165a61c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165a6300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`165a63c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`165a6470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`165a6980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`165a6bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165a6c40) 0000005c`8d08f9a8 000007fe`f4e217da ntdll!NtWaitForMultipleObjects+0xa 0000005c`8d08f9b0 000007fe`f7f19d66 winsrv!NotificationThread+0x1ab 0000005c`8d08fcb0 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa8001f57080 Cid 0cdc.0a04 Teb: 000007f768c35000 Win32Thread: fffff901000b7220 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8001f57428 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741024 Ticks: 104 (0:00:00:01.622) Context Switch Count 328 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.093 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff88017045dd0 Current fffff88017045750 Base fffff88017046000 Limit fffff88017040000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`17045790 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170458d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17045990 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`17045a20 fffff802`b3eb9bd4 nt!AlpcpReceiveMessagePort+0x380 fffff880`17045a90 fffff802`b3ec1949 nt!AlpcpReceiveMessage+0x2e2 fffff880`17045b20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`17045bd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17045c40) 0000005c`8d12f4e8 000007fe`f4e84b91 ntdll!NtAlpcSendWaitReceivePort+0xa 0000005c`8d12f4f0 000007fe`f7f19d66 CSRSRV!CsrApiRequestThread+0x155 0000005c`8d12f800 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa80021a5b00 Cid 0cdc.0a84 Teb: 000007f768c33000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80021a5ea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 65253 Ticks: 15675875 (2:19:55:45.217) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address CSRSRV!CsrSbApiRequestThread (0x000007fef4e83d10) Stack Init fffff880165addd0 Current fffff880165ad7a0 Base fffff880165ae000 Limit fffff880165a8000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`165ad7e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165ad920 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`165ad9e0 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`165ada70 fffff802`b3ef350d nt!AlpcpReceiveMessagePort+0x380 fffff880`165adae0 fffff802`b3ef334b nt!AlpcpReceiveLegacyMessage+0x11c fffff880`165adb70 fffff802`b3ef31f3 nt!NtReplyWaitReceivePortEx+0xca fffff880`165adc00 fffff802`b3b02d53 nt!NtReplyWaitReceivePort+0xf fffff880`165adc40 000007fe`f7ec2c9a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165adc40) 0000005c`8d16f608 000007fe`f4e83d5d ntdll!NtReplyWaitReceivePort+0xa 0000005c`8d16f610 000007fe`f7f19d66 CSRSRV!CsrSbApiRequestThread+0x4d 0000005c`8d16f7a0 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa800207fb00 Cid 0cdc.0e6c Teb: 000007f768c3d000 Win32Thread: fffff90100755680 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa800207fea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741089 Ticks: 39 (0:00:00:00.608) Context Switch Count 343 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.046 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff880171e7dd0 Current fffff880171e7750 Base fffff880171e8000 Limit fffff880171e2000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`171e7790 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171e78d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`171e7990 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`171e7a20 fffff802`b3eb9bd4 nt!AlpcpReceiveMessagePort+0x380 fffff880`171e7a90 fffff802`b3ec1949 nt!AlpcpReceiveMessage+0x2e2 fffff880`171e7b20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`171e7bd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171e7c40) 0000005c`8d5cf4b8 000007fe`f4e84b91 ntdll!NtAlpcSendWaitReceivePort+0xa 0000005c`8d5cf4c0 000007fe`f7f19d66 CSRSRV!CsrApiRequestThread+0x155 0000005c`8d5cf7d0 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa80021ca080 Cid 0cdc.0868 Teb: 000007f768b0e000 Win32Thread: fffff901001a9b90 WAIT: (WrUserRequest) KernelMode Alertable fffffa80020e4cb0 SynchronizationEvent fffffa8001e4ea00 NotificationTimer fffffa8003de3c00 SynchronizationTimer fffffa8001990080 SynchronizationEvent IRP List: fffffa800267c6a0: (0006,0478) Flags: 00060970 Mdl: 00000000 fffffa80021bdc10: (0006,03e8) Flags: 00060900 Mdl: fffffa8002c89a60 fffffa8002137c10: (0006,03e8) Flags: 00060900 Mdl: fffffa8003e0b1a0 fffffa8001ed1b40: (0006,04c0) Flags: 00060900 Mdl: fffffa80037d1010 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 47974 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.577 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff8801718edd0 Current fffff8801718e810 Base fffff8801718f000 Limit fffff88017189000 Call 0 Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1718e850 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1718e990 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1718ea50 fffff960`00152571 nt!KeWaitForMultipleObjects+0x25d fffff880`1718eb00 fffff960`001902d0 win32k!RawInputThread+0x695 fffff880`1718ebe0 fffff960`001376ff win32k!xxxCreateSystemThreads+0x48 fffff880`1718ec10 fffff802`b3b02d53 win32k!NtUserCallNoParam+0x17f fffff880`1718ec40 000007fe`f4e2180a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1718ec40) 0000005c`8d60fa98 000007fe`f4e22be9 winsrv!NtUserCallNoParam+0xa 0000005c`8d60faa0 000007fe`f7f19d66 winsrv!StartCreateSystemThreads+0x19 0000005c`8d60fad0 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa800419ab00 Cid 0cdc.0bfc Teb: 000007f768b0c000 Win32Thread: fffff901001af850 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8002dd7320 SynchronizationEvent fffffa8003f11640 SynchronizationEvent fffffa80020fc060 SynchronizationEvent IRP List: fffffa8003f3dab0: (0006,0550) Flags: 00060970 Mdl: 00000000 fffffa8002599b80: (0006,0478) Flags: 00060970 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 45172 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:01.965 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff88017318dd0 Current fffff880173187e0 Base fffff88017319000 Limit fffff88017313000 Call 0 Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`17318820 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17318960 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`17318a20 fffff960`000f6d4b nt!KeWaitForMultipleObjects+0x25d fffff880`17318ad0 fffff960`000f6fe6 win32k!xxxDesktopThreadWaiter+0x107 fffff880`17318b50 fffff960`001902e0 win32k!xxxDesktopThread+0x1e6 fffff880`17318be0 fffff960`001376ff win32k!xxxCreateSystemThreads+0x58 fffff880`17318c10 fffff802`b3b02d53 win32k!NtUserCallNoParam+0x17f fffff880`17318c40 000007fe`f4e2180a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17318c40) 0000005c`8d64f878 000007fe`f4e22be9 winsrv!NtUserCallNoParam+0xa 0000005c`8d64f880 000007fe`f7f19d66 winsrv!StartCreateSystemThreads+0x19 0000005c`8d64f8b0 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa80041b2b00 Cid 0cdc.0e94 Teb: 000007f768b0a000 Win32Thread: fffff901000ec4d0 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80041b2ea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740890 Ticks: 238 (0:00:00:03.712) Context Switch Count 299 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.046 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff88017378dd0 Current fffff88017378750 Base fffff88017379000 Limit fffff88017373000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`17378790 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`173788d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17378990 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`17378a20 fffff802`b3eb9bd4 nt!AlpcpReceiveMessagePort+0x380 fffff880`17378a90 fffff802`b3ec1949 nt!AlpcpReceiveMessage+0x2e2 fffff880`17378b20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`17378bd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17378c40) 0000005c`8ebcfb08 000007fe`f4e84b91 ntdll!NtAlpcSendWaitReceivePort+0xa 0000005c`8ebcfb10 000007fe`f7f19d66 CSRSRV!CsrApiRequestThread+0x155 0000005c`8ebcfe20 00000000`00000000 ntdll!RtlUserThreadStart+0x25 THREAD fffffa8003625080 Cid 0cdc.0344 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff8801503eb90 NotificationTimer fffffa8003db3180 SynchronizationEvent fffffa8003dd9820 SynchronizationEvent fffffa8002c46b60 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015) Context Switch Count 15913 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.530 Win32 Start Address cdd!PresentWorkerThread (0xfffff960008a95e8) Stack Init fffff8801503edd0 Current fffff8801503e820 Base fffff8801503f000 Limit fffff88015039000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1503e860 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1503e9a0 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1503ea60 fffff960`008a99ee nt!KeWaitForMultipleObjects+0x25d fffff880`1503eb10 fffff802`b3aab535 cdd!PresentWorkerThread+0x406 fffff880`1503ed50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`1503eda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80033cc080 Cid 0cdc.0d0c Teb: 000007f768b08000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80033cc428 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 65556 Ticks: 15675572 (2:19:55:40.490) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!AutoRotationRequestThread (0x000007fef4e21910) Stack Init fffff88017267dd0 Current fffff88017267750 Base fffff88017268000 Limit fffff88017262000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`17267790 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`172678d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17267990 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`17267a20 fffff802`b3eb9bd4 nt!AlpcpReceiveMessagePort+0x380 fffff880`17267a90 fffff802`b3ec1949 nt!AlpcpReceiveMessage+0x2e2 fffff880`17267b20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`17267bd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17267c40) 0000005c`8f68f848 000007fe`f4e219fd ntdll!NtAlpcSendWaitReceivePort+0xa 0000005c`8f68f850 000007fe`f7f19d66 winsrv!AutoRotationRequestThread+0xed 0000005c`8f68fa30 00000000`00000000 ntdll!RtlUserThreadStart+0x25 PROCESS fffffa800417d940 SessionId: 2 Cid: 0a28 Peb: 7f66fc54000 ParentCid: 0a3c DirBase: 6d36d000 ObjectTable: fffff8a00192a600 HandleCount: Image: winlogon.exe VadRoot fffffa80038c8e30 Vads 54 Clone 0 Private 184. Modified 1018. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a006dc9b00 ElapsedTime 2 Days 19:55:55.536 UserTime 00:00:00.000 KernelTime 00:00:00.015 QuotaPoolUsage[PagedPool] 102496 QuotaPoolUsage[NonPagedPool] 7040 Working Set Sizes (now,min,max) (1170, 50, 345) (4680KB, 200KB, 1380KB) PeakWorkingSetSize 2185 VirtualSize 46 Mb PeakVirtualSize 67 Mb PageFaultCount 2802 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 291 Setting context for this process... .process /p /r fffffa800417d940 THREAD fffffa8002112b00 Cid 0a28.0520 Teb: 000007f66fc5e000 Win32Thread: fffff901000b8360 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003fcb740 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800417d940 Image: winlogon.exe Attached Process N/A Image: N/A Wait Start TickCount 15681145 Ticks: 59983 (0:00:15:35.740) Context Switch Count 375 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.327 Win32 Start Address WinLogon!WinMainCRTStartup (0x000007f670437010) Stack Init fffff8801706fdd0 Current fffff8801706f900 Base fffff88017070000 Limit fffff8801706a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1706f940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1706fa80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1706fb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`1706fbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`1706fc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1706fc40) 00000059`6b71f638 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000059`6b71f640 000007f6`704222ec KERNELBASE!WaitForSingleObjectEx+0x92 00000059`6b71f6e0 000007f6`70421ff3 WinLogon!SignalManagerWaitForSignal+0x133 00000059`6b71f720 000007f6`7042f98c WinLogon!StateMachineRun+0x438 00000059`6b71fa60 000007f6`70432bcd WinLogon!WinMain+0x14c1 00000059`6b71fbe0 000007fe`f601167e WinLogon!CPortClient::SendComplexAsyncRequestNative+0x411 00000059`6b71fca0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000059`6b71fcd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001f2bb00 Cid 0a28.0d98 Teb: 000007f66fc5a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003013100 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800417d940 Image: winlogon.exe Attached Process N/A Image: N/A Wait Start TickCount 65543 Ticks: 15675585 (2:19:55:40.693) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017241dd0 Current fffff88017241760 Base fffff88017242000 Limit fffff8801723c000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`172417a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`172418e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`172419a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17241a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17241ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17241c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17241c40) 00000059`6bd3f778 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000059`6bd3f780 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000059`6bd3fa20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000059`6bd3fa50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c20b00 Cid 0a28.0bcc Teb: 000007f66fb2e000 Win32Thread: fffff901000eeb90 WAIT: (WrQueue) UserMode Alertable fffffa8003977b80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800417d940 Image: winlogon.exe Attached Process N/A Image: N/A Wait Start TickCount 15680821 Ticks: 60307 (0:00:15:40.795) Context Switch Count 134 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801737fdd0 Current fffff8801737f760 Base fffff88017380000 Limit fffff8801737a000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1737f7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1737f8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1737f9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1737fa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1737fae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1737fc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1737fc40) 00000059`6bfbf6a8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000059`6bfbf6b0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000059`6bfbf950 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000059`6bfbf980 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8001f413c0 SessionId: 2 Cid: 0dac Peb: 7f7df883000 ParentCid: 0a28 DirBase: 38e80000 ObjectTable: 00000000 HandleCount: 0. Image: LogonUI.exe VadRoot 0000000000000000 Vads 0 Clone 0 Private 6. Modified 371. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a007f0fb00 ElapsedTime 2 Days 19:55:53.967 UserTime 00:00:00.202 KernelTime 00:00:00.140 QuotaPoolUsage[PagedPool] 2448 QuotaPoolUsage[NonPagedPool] 0 Working Set Sizes (now,min,max) (5, 50, 345) (20KB, 200KB, 1380KB) PeakWorkingSetSize 7373 VirtualSize 0 Mb PeakVirtualSize 229 Mb PageFaultCount 9442 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 0 Setting context for this process... .process /p /r fffffa8001f413c0 No active threads PROCESS fffffa8002109940 SessionId: 2 Cid: 06f8 Peb: 7f7f6aa3000 ParentCid: 0a28 DirBase: 6f209000 ObjectTable: fffff8a001ea0e40 HandleCount: Image: dwm.exe VadRoot fffffa8002698970 Vads 139 Clone 0 Private 3052. Modified 6608. Locked 623. DeviceMap fffff8a001f34aa0 Token fffff8a00193f9b0 ElapsedTime 2 Days 19:55:53.967 UserTime 00:00:00.171 KernelTime 00:00:00.078 QuotaPoolUsage[PagedPool] 306440 QuotaPoolUsage[NonPagedPool] 17856 Working Set Sizes (now,min,max) (6437, 50, 345) (25748KB, 200KB, 1380KB) PeakWorkingSetSize 9820 VirtualSize 176 Mb PeakVirtualSize 254 Mb PageFaultCount 45073 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 13202 Setting context for this process... .process /p /r fffffa8002109940 THREAD fffffa80020c9b00 Cid 06f8.06c4 Teb: 000007f7f6aae000 Win32Thread: fffff90100668710 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040a7c60 SynchronizationEvent fffffa800413ac40 SynchronizationEvent fffffa80038b18c0 SynchronizationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15686357 Ticks: 54771 (0:00:14:14.433) Context Switch Count 116 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address dwm!WinMainStartup (0x000007f7f6f45de0) Stack Init fffff88017363dd0 Current fffff88017363180 Base fffff88017364000 Limit fffff8801735e000 Call 0 Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`173631c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17363300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`173633c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17363470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17363980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17363bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17363c40) 000000cd`5473f678 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000cd`5473f680 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000cd`5473f960 000007f7`f6f41c40 USER32!MsgWaitForMultipleObjectsEx+0x144 000000cd`5473fa10 000007f7`f6f44479 dwm!CDwmAppHost::Run+0xc6 000000cd`5473fa80 000007f7`f6f452fd dwm!WinMain+0xc9 000000cd`5473fae0 000007f7`f6f45e24 dwm!_delayLoadHelper2+0x2f1 000000cd`5473fba0 000007fe`f601167e dwm!WinMainStartup+0x40 000000cd`5473fbd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000cd`5473fc00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001db2740 Cid 06f8.00c4 Teb: 000007f7f6aaa000 Win32Thread: fffff90100664b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002761a30 Semaphore Limit 0x7fffffff fffffa80031ab3c0 SynchronizationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 17216 IdealProcessor: 0 UserTime 00:00:00.249 KernelTime 00:00:00.327 Win32 Start Address dwm!CPortBase::PortThread (0x000007f7f6f44380) Stack Init fffff8801705add0 Current fffff8801705a180 Base fffff8801705b000 Limit fffff88017055000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1705a1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1705a300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1705a3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1705a470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1705a980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1705abd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1705ac40) 000000cd`56fbf678 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000cd`56fbf680 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000cd`56fbf960 000007fe`f2c4cc39 KERNEL32!WaitForMultipleObjects+0x12 000000cd`56fbf9a0 000007fe`f352108f dwmcore!MilComposition_WaitForNextMessage+0x169 000000cd`56fbfc00 000007f7`f6f41090 dwmredir!CWindowManager::WaitForMultipleObjects+0x7f 000000cd`56fbfca0 000007f7`f6f44389 dwm!CPortBase::PortThreadInternal+0x80 000000cd`56fbfd20 000007fe`f601167e dwm!CPortBase::PortThread+0x9 000000cd`56fbfd50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000cd`56fbfd80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e3f680 Cid 06f8.0f30 Teb: 000007f7f6aa4000 Win32Thread: fffff9010060bb90 WAIT: (UserRequest) KernelMode Alertable fffffa8003ed20f0 NotificationEvent fffffa8003feafe0 NotificationEvent fffffa8003896670 NotificationEvent fffffa8002670e60 NotificationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15741122 Ticks: 6 (0:00:00:00.093) Context Switch Count 8229 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.109 Win32 Start Address dwmcore!CLocalSurfaceManager::s_TokenThreadMain (0x000007fef2c98060) Stack Init fffff88016431dd0 Current fffff88016430ce0 Base fffff88016432000 Limit fffff8801642c000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`16430d20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16430e60 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`16430f20 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16430fd0 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`164314e0 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16431730 fffff802`b3b07f30 nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164317a0) fffff880`16431938 fffff960`001b541e nt!KiServiceLinkage fffff880`16431940 fffff960`001dbe5b win32k!CTokenManager::ProcessTokens+0x13f fffff880`16431a40 fffff960`001daff6 win32k!CTokenManager::TokenThread+0xf7 fffff880`16431b40 fffff802`b3b02d53 win32k!NtTokenManagerThread+0xae fffff880`16431c40 000007fe`f29d159a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16431c40) 000000cd`5713f898 000007fe`f2c64bf2 dcomp!NtTokenManagerThread+0xa 000000cd`5713f8a0 000007fe`f2c98069 dwmcore!CLocalSurfaceManager::ProcessKernelTokens+0xe2 000000cd`5713f950 000007fe`f601167e dwmcore!CLocalSurfaceManager::s_TokenThreadMain+0x9 000000cd`5713f980 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000cd`5713f9b0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001cc4b00 Cid 06f8.0960 Teb: 000007f7f6aa8000 Win32Thread: fffff9010060cb90 WAIT: (UserRequest) KernelMode Non-Alertable fffffa8003fe6318 NotificationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 14600 IdealProcessor: 0 UserTime 00:00:05.725 KernelTime 00:00:02.652 Win32 Start Address dwmcore!CPartitionThread::ThreadMain (0x000007fef2c969b0) Stack Init fffff88016423dd0 Current fffff88016423600 Base fffff88016424000 Limit fffff8801641e000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`16423640 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16423780 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16423840 fffff880`03454dca nt!KeWaitForSingleObject+0x1cf fffff880`164238d0 fffff880`034533d0 dxgkrnl!DxgkWaitForVerticalBlankEventInternal+0x4ea fffff880`16423bf0 fffff802`b3b02d53 dxgkrnl!DxgkWaitForVerticalBlankEvent+0x90 fffff880`16423c40 000007fe`f581110a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16423c40) 000000cd`5703f628 000007fe`f23810ad GDI32!NtGdiDdDDIWaitForVerticalBlankEvent+0xa 000000cd`5703f630 000007fe`f2c02971 dxgi!CDXGIOutput::WaitForVBlank+0x6d 000000cd`5703f6a0 000007fe`f2c028eb dwmcore!CDWMSwapChain::WaitForVBlank+0x39 000000cd`5703f6f0 000007fe`f2c02805 dwmcore!CHwDisplayRenderTarget::WaitForVBlank+0xc3 000000cd`5703f730 000007fe`f2c01c45 dwmcore!CHwndRenderTarget::WaitForVBlank+0x45 000000cd`5703f770 000007fe`f2c01ee2 dwmcore!CPartitionVerticalBlankScheduler::WaitForVBlank+0x8a 000000cd`5703f7e0 000007fe`f2c969cc dwmcore!CPartitionVerticalBlankScheduler::Run+0x102 000000cd`5703fae0 000007fe`f601167e dwmcore!CPartitionThread::ThreadMain+0x1c 000000cd`5703fb10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000cd`5703fb40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d01080 Cid 06f8.0d08 Teb: 000007f7f6aa6000 Win32Thread: fffff901001fa830 WAIT: (UserRequest) UserMode Alertable fffffa8002dfc460 SynchronizationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15730707 Ticks: 10421 (0:00:02:42.568) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address uDWM!CDesktopManager::DwmEventThreadProc (0x000007feeff5e3d0) Stack Init fffff8801627edd0 Current fffff8801627e0f0 Base fffff8801627f000 Limit fffff88016279000 Call 0 Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1627e130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1627e270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1627e330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`1627e3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`1627e470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1627e980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1627ebd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1627ec40) 000000cd`570bf7a8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000cd`570bf7b0 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000cd`570bfa90 000007fe`eff5e651 USER32!MsgWaitForMultipleObjectsEx+0x144 000000cd`570bfb40 000007fe`f601167e uDWM!CDesktopManager::DwmEventThreadProc+0x281 000000cd`570bfd50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000cd`570bfd80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e75680 Cid 06f8.0600 Teb: 000007f7f697c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001dde1c0 QueueObject Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15698397 Ticks: 42731 (0:00:11:06.607) Context Switch Count 76 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170dfdd0 Current fffff880170df760 Base fffff880170e0000 Limit fffff880170da000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`170df7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170df8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`170df9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`170dfa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`170dfae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`170dfc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170dfc40) 000000cd`58aff8a8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000cd`58aff8b0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000cd`58affb50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000cd`58affb80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8002cf71c0 SessionId: 2 Cid: 02a0 Peb: 7f7ccb0e000 ParentCid: 0220 DirBase: 0f530000 ObjectTable: fffff8a006786500 HandleCount: Image: taskhostex.exe VadRoot fffffa8002199f80 Vads 236 Clone 0 Private 1375. Modified 234. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a007e27060 ElapsedTime 00:15:41.330 UserTime 00:00:00.577 KernelTime 00:00:00.296 QuotaPoolUsage[PagedPool] 204128 QuotaPoolUsage[NonPagedPool] 34656 Working Set Sizes (now,min,max) (3438, 50, 345) (13752KB, 200KB, 1380KB) PeakWorkingSetSize 3847 VirtualSize 243 Mb PeakVirtualSize 246 Mb PageFaultCount 7514 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1826 Job fffffa8002cfa260 Setting context for this process... .process /p /r fffffa8002cf71c0 THREAD fffffa800374a700 Cid 02a0.0980 Teb: 000007f7ccb0c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e37f20 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15680792 Ticks: 60336 (0:00:15:41.247) Context Switch Count 26 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address taskhostex!wWinMainCRTStartup (0x000007f7cd6a9608) Stack Init fffff880163b6dd0 Current fffff880163b6900 Base fffff880163b7000 Limit fffff880163b1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`163b6940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`163b6a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`163b6b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`163b6bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`163b6c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`163b6c40) 00000010`582bf998 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000010`582bf9a0 000007f7`cd6a35f0 KERNELBASE!WaitForSingleObjectEx+0x92 00000010`582bfa40 000007f7`cd6a339a taskhostex!UbpmpTaskHostSendResponseReceiveCommand+0xb8 00000010`582bfb40 000007f7`cd6a9566 taskhostex!UbpmTaskHostWaitForCommands+0x2b6 00000010`582bfbf0 000007fe`f601167e taskhostex!_com_raise_error+0x312 00000010`582bfcb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000010`582bfce0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80039bbb00 Cid 02a0.0f48 Teb: 000007f7ccb08000 Win32Thread: fffff901000ecb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e1b3c0 NotificationEvent fffffa8003ec84c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15687600 Ticks: 53528 (0:00:13:55.042) Context Switch Count 126 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskhostex!ComTaskMgrWnd::MsgPumpThreadProc (0x000007f7cd6a458c) Stack Init fffff880171aadd0 Current fffff880171aa180 Base fffff880171ab000 Limit fffff880171a5000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`171aa1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171aa300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`171aa3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`171aa470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`171aa980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`171aabd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171aac40) 00000010`585ef9f8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000010`585efa00 000007fe`f56c303a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000010`585efce0 000007f7`cd6a46ea user32!MsgWaitForMultipleObjects+0x14c 00000010`585efd90 000007fe`f601167e taskhostex!ComTaskMgrWnd::MsgPumpThreadProc+0x15e 00000010`585efe50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000010`585efe80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80030af080 Cid 02a0.0ba0 Teb: 000007f7cc9da000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800276c5f0 NotificationEvent fffffa8003f553e0 NotificationEvent IRP List: fffffa8001c26010: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8001d7b010: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8001d4aaf0: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f8c310: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8001de9c10: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa80040dcb10: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f2fee0: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa80038bb420: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa80037cd590: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f49010: (0006,0118) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15680792 Ticks: 60336 (0:00:15:41.247) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address PlaySndSrv!CBeepRedirector::WorkThread (0x000007fef36325d8) Stack Init fffff8801720add0 Current fffff8801720a180 Base fffff8801720b000 Limit fffff88017205000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1720a1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1720a300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1720a3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1720a470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1720a980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1720abd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1720ac40) 00000010`5aa5f5e8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000010`5aa5f5f0 000007fe`f36326c4 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000010`5aa5f8d0 000007fe`f601167e PlaySndSrv!CBeepRedirector::WorkThread+0xec 00000010`5aa5fbc0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000010`5aa5fbf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80031e7080 Cid 02a0.074c Teb: 000007f7cc9d8000 Win32Thread: fffff9010064a710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002771140 NotificationEvent fffffa8003931250 NotificationEvent fffffa8001df6490 NotificationEvent fffffa8001c81320 NotificationEvent fffffa8001cce1e0 NotificationEvent fffffa8001ceb320 NotificationEvent fffffa8001c94570 NotificationEvent fffffa8001c5d710 NotificationEvent fffffa8001f96370 NotificationEvent fffffa8001d0f2f0 NotificationEvent fffffa8004122ee0 NotificationEvent fffffa8002df1880 NotificationEvent fffffa80032553e0 SynchronizationEvent fffffa800210fd60 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15687600 Ticks: 53528 (0:00:13:55.042) Context Switch Count 53 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address MsCtfMonitor!MsCtfMonitor::ThreadProc (0x000007fef3512210) Stack Init fffff88017203dd0 Current fffff88017203180 Base fffff88017204000 Limit fffff880171fe000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`172031c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17203300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`172033c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17203470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17203980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17203bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17203c40) 00000010`5aadee78 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000010`5aadee80 000007fe`f56c303a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000010`5aadf160 000007fe`f3511512 user32!MsgWaitForMultipleObjects+0x14c 00000010`5aadf210 000007fe`f351233d MsCtfMonitor!DoMsCtfMonitor+0x4eb 00000010`5aadf520 000007fe`f601167e MsCtfMonitor!MsCtfMonitor::ThreadProc+0x148 00000010`5aadf770 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000010`5aadf7a0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001cea840 Cid 02a0.0958 Teb: 000007f7ccb04000 Win32Thread: fffff90100642b90 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8001ceabe8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 797 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address MSCTF!CCtfServerPort::StaticServerThread (0x000007fef5d44c84) Stack Init fffff880171d2dd0 Current fffff880171d2750 Base fffff880171d3000 Limit fffff880171cd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`171d2790 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171d28d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`171d2990 fffff802`b3ee4c70 nt!KeWaitForSingleObject+0x1cf fffff880`171d2a20 fffff802`b3eb9bd4 nt!AlpcpReceiveMessagePort+0x380 fffff880`171d2a90 fffff802`b3ec1949 nt!AlpcpReceiveMessage+0x2e2 fffff880`171d2b20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`171d2bd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171d2c40) 00000010`59ebe688 000007fe`f5d21ecb ntdll!NtAlpcSendWaitReceivePort+0xa 00000010`59ebe690 000007fe`f5d44e24 MSCTF!CCtfServerPort::ServerLoop+0x164 00000010`59ebf7c0 000007fe`f5d44ca2 MSCTF!CCtfServerPort::ServerThread+0x148 00000010`59ebfaf0 000007fe`f601167e MSCTF!CCtfServerPort::StaticServerThread+0x1e 00000010`59ebfb20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000010`59ebfb50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800412a5c0 Cid 02a0.0d70 Teb: 000007f7cc9de000 Win32Thread: fffff90100648610 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa800385bc60 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15740914 Ticks: 214 (0:00:00:03.338) Context Switch Count 214 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WINMM!mciwindow (0x000007fef1071130) Stack Init fffff8801726edd0 Current fffff8801726e5f0 Base fffff8801726f000 Limit fffff88017269000 Call 0 Priority 12 BasePriority 10 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1726e630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1726e770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1726e830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`1726e8c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`1726e970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`1726ea40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`1726ea90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`1726ebb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`1726ec40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1726ec40) 00000010`5afbfdd8 000007fe`f56c5760 user32!NtUserGetMessage+0xa 00000010`5afbfde0 000007fe`f1071253 user32!GetMessageA+0x40 00000010`5afbfe10 000007fe`f601167e WINMM!mciwindow+0x124 00000010`5afbfeb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000010`5afbfee0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002cfab00 Cid 02a0.00dc Teb: 000007f7cc9d6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80041a35c0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15681194 Ticks: 59934 (0:00:15:34.976) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88017507dd0 Current fffff88017507900 Base fffff88017508000 Limit fffff88017502000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`17507940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17507a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17507b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`17507bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`17507c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17507c40) 00000010`5b0bfc98 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000010`5b0bfca0 000007fe`eefff5ca KERNELBASE!WaitForSingleObjectEx+0x92 00000010`5b0bfd40 000007fe`eefff8d1 ESENT!OSSYNC::CSemaphore::_FAcquire+0x102 00000010`5b0bfdc0 000007fe`ef04ad45 ESENT!IOMgrIOPatrolDogThread+0x61 00000010`5b0bfe50 000007fe`f601167e ESENT!UtilThreadIThreadBase+0x21 00000010`5b0bfe90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000010`5b0bfec0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003ffa900 Cid 02a0.0644 Teb: 000007f7cc9d0000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003b61500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15736636 Ticks: 4492 (0:00:01:10.075) Context Switch Count 540 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88015f1edd0 Current fffff88015f1e7a0 Base fffff88015f1f000 Limit fffff88015f19000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15f1e7e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15f1e920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15f1e9e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15f1ea90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`15f1eb20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`15f1ebd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f1ec40) 00000010`645cf788 000007fe`f4fd36ad ntdll!NtRemoveIoCompletion+0xa 00000010`645cf790 000007fe`f6011962 KERNELBASE!GetQueuedCompletionStatus+0x39 00000010`645cf7f0 000007fe`ef0068cc KERNEL32!GetQueuedCompletionStatusStub+0x12 00000010`645cf830 000007fe`ef04ad91 ESENT!CTaskManager::TMIDispatch+0x11c 00000010`645cf8d0 000007fe`ef04ad45 ESENT!CTaskManager::TMDispatch+0x11 00000010`645cf900 000007fe`f601167e ESENT!UtilThreadIThreadBase+0x21 00000010`645cf940 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000010`645cf970 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80036d9040 Cid 02a0.0c14 Teb: 000007f7cc9dc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003888240 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15736512 Ticks: 4616 (0:00:01:12.010) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003027dd0 Current fffff88003027760 Base fffff88003028000 Limit fffff88003022000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`030277a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`030278e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`030279a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`03027a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`03027ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03027c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03027c40) 00000010`6498f5b8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000010`6498f5c0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000010`6498f860 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000010`6498f890 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002685440 Cid 02a0.0e70 Teb: 000007f7cc9d4000 Win32Thread: fffff901042861b0 WAIT: (WrQueue) UserMode Alertable fffffa8003888240 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15737277 Ticks: 3851 (0:00:01:00.075) Context Switch Count 22 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e14dd0 Current fffff88014e14760 Base fffff88014e15000 Limit fffff88014e0f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14e147a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14e148e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14e149a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14e14a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`14e14ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14e14c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e14c40) 00000010`64f4f968 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000010`64f4f970 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000010`64f4fc10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000010`64f4fc40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d6f700 Cid 02a0.0da8 Teb: 000007f7cc9ce000 Win32Thread: fffff901042b3b90 WAIT: (WrQueue) UserMode Alertable fffffa8003888240 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15740914 Ticks: 214 (0:00:00:03.338) Context Switch Count 43 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e30dd0 Current fffff88014e30760 Base fffff88014e31000 Limit fffff88014e2b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14e307a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14e308e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14e309a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14e30a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`14e30ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14e30c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e30c40) 00000010`6504f708 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000010`6504f710 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000010`6504f9b0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000010`6504f9e0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8003ed3600 SessionId: 2 Cid: 0d68 Peb: 7f68f17f000 ParentCid: 0824 DirBase: 40d5c000 ObjectTable: fffff8a006897040 HandleCount: Image: explorer.exe VadRoot fffffa8002d30260 Vads 865 Clone 0 Private 7319. Modified 4136. Locked 5209. DeviceMap fffff8a000290b20 Token fffff8a006b5a8c0 ElapsedTime 00:15:40.752 UserTime 00:00:00.514 KernelTime 00:00:00.842 QuotaPoolUsage[PagedPool] 1287264 QuotaPoolUsage[NonPagedPool] 124288 Working Set Sizes (now,min,max) (117592, 50, 345) (470368KB, 200KB, 1380KB) PeakWorkingSetSize 118144 VirtualSize 545 Mb PeakVirtualSize 548 Mb PageFaultCount 244272 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 8899 Setting context for this process... .process /p /r fffffa8003ed3600 THREAD fffffa8001e3a480 Cid 0d68.0cb4 Teb: 000007f68f17d000 Win32Thread: fffff9010064ab90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003efb930 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738182 Ticks: 2946 (0:00:00:45.957) Context Switch Count 7313 IdealProcessor: 0 UserTime 00:00:00.218 KernelTime 00:00:00.249 Win32 Start Address Explorer!wWinMainCRTStartup (0x000007f68f699430) Stack Init fffff8801724fdd0 Current fffff8801724f770 Base fffff88017250000 Limit fffff8801724a000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1724f7b0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1724f8f0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1724f9b0 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`1724fa40 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`1724faf0 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`1724fbc0 fffff960`001f0c6f win32k!xxxSleepThread+0xc5 fffff880`1724fc10 fffff802`b3b02d53 win32k!NtUserWaitMessage+0x40 fffff880`1724fc40 000007fe`f56c29aa nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1724fc40) 00000000`00c0f568 000007fe`f6556d53 USER32!NtUserWaitMessage+0xa 00000000`00c0f570 000007fe`f65c7cc5 SHELL32!CDesktopBrowser::_MessageLoop+0x2f 00000000`00c0f5b0 000007f6`8f68a081 SHELL32!SHDesktopMessageLoop+0x85 00000000`00c0f5f0 000007f6`8f68af2e Explorer!wWinMain+0x585 00000000`00c0f9a0 000007fe`f601167e Explorer!CTray::SyncThreadProc+0x2e6 00000000`00c0fa60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`00c0fa90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80037b4080 Cid 0d68.0638 Teb: 000007f68f179000 Win32Thread: fffff9010063e5b0 RUNNING on processor 1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 18325 IdealProcessor: 0 UserTime 00:00:00.280 KernelTime 00:00:00.405 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880159e3fd0 Current fffff880171fc7f0 Base fffff880159e4000 Limit fffff880159de000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`159e39b0 fffff960`001862d3 win32k!xxxInternalDoPaint+0x19 fffff880`159e3a00 fffff960`001862d3 win32k!xxxInternalDoPaint+0x43 fffff880`159e3a50 fffff960`001862d3 win32k!xxxInternalDoPaint+0x43 fffff880`159e3aa0 fffff960`001862d3 win32k!xxxInternalDoPaint+0x43 fffff880`159e3af0 fffff960`001862d3 win32k!xxxInternalDoPaint+0x43 fffff880`159e3b40 fffff960`001862d3 win32k!xxxInternalDoPaint+0x43 fffff880`159e3b90 fffff960`0018608c win32k!xxxInternalDoPaint+0x43 fffff880`159e3be0 fffff960`001532e3 win32k!xxxDoPaint+0x4c fffff880`159e3c20 fffff960`00225974 win32k!xxxRealInternalGetMessage+0xa73 fffff880`159e3d40 fffff802`b3b02d53 win32k!NtUserRealInternalGetMessage+0x74 fffff880`159e3dd0 000007fe`f56c1b4a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`159e3e40) 00000000`034af598 000007fe`f2a810fb USER32!NtUserRealInternalGetMessage+0xa 00000000`034af5a0 000007fe`f2a8120b DUser!CoreSC::xwProcessNL+0xe7 00000000`034af670 000007fe`f56c1bad DUser!MphProcessMessage+0xb3 00000000`034af6d0 000007fe`f7ec4b67 USER32!_ClientGetMessageMPH+0x3d 00000000`034af760 000007fe`f56c120a ntdll!KiUserCallbackDispatcherContinue (TrapFrame @ 00000000`034af628) 00000000`034af7d8 000007fe`f56c1250 USER32!NtUserPeekMessage+0xa 00000000`034af7e0 000007fe`f56c1145 USER32!PeekMessage+0x2c 00000000`034af820 000007f6`8f66105a USER32!PeekMessageW+0x85 00000000`034af860 000007f6`8f68b41e Explorer!CTray::_MessageLoop+0x4b 00000000`034af8f0 000007fe`f2ef410c Explorer!CTray::MainThreadProc+0x86 00000000`034af920 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`034afa10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`034afa40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002794b00 Cid 0d68.0428 Teb: 000007f68f177000 Win32Thread: fffff90103e90b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040783f0 SynchronizationEvent fffffa8003fb6690 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff880171d9dd0 Current fffff880171d9180 Base fffff880171da000 Limit fffff880171d4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`171d91c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171d9300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`171d93c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`171d9470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`171d9980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`171d9bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171d9c40) 00000000`0353f298 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0353f2a0 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0353f580 000007fe`f2aa160b USER32!MsgWaitForMultipleObjectsEx+0x144 00000000`0353f630 000007fe`f2aa15db DUser!CoreSC::xwProcessNL+0x5bb 00000000`0353f700 000007fe`f2aa14fe DUser!GetMessageExA+0x6b 00000000`0353f750 000007fe`f782707b DUser!ResourceManager::SharedThreadProc+0xfe 00000000`0353f7e0 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000000`0353f810 000007fe`f601167e msvcrt!endthreadex+0xac 00000000`0353f840 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0353f870 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80033fc480 Cid 0d68.0964 Teb: 000007f68f04a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f2bca0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15739761 Ticks: 1367 (0:00:00:21.325) Context Switch Count 47 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880172b5dd0 Current fffff880172b50f0 Base fffff880172b6000 Limit fffff880172b0000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`172b5130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`172b5270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`172b5330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`172b53c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`172b5470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`172b5980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`172b5bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172b5c40) 00000000`046fef68 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`046fef70 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`046ff250 000007fe`f7b31a03 combase!WaitCoalesced+0x96 00000000`046ff4a0 000007fe`f7b32218 combase!CROIDTable::WorkerThreadLoop+0x63 00000000`046ff4f0 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 00000000`046ff760 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 00000000`046ff790 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`046ff7c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018d2500 Cid 0d68.096c Teb: 000007f68f04e000 Win32Thread: fffff90103ec63a0 WAIT: (UserRequest) UserMode Alertable fffffa800203eaf0 NotificationEvent fffffa8001ff8b30 NotificationEvent fffffa80020a75a0 NotificationEvent fffffa8001fec130 NotificationEvent fffffa800399b060 NotificationEvent fffffa8001c36280 NotificationEvent fffffa8003a05650 NotificationEvent fffffa800413d460 NotificationEvent fffffa8001e8bfb8 NotificationEvent fffffa800269c680 NotificationEvent fffffa8002634130 NotificationEvent fffffa800203e1e0 NotificationEvent fffffa800203e160 NotificationEvent fffffa8003fedc70 NotificationEvent fffffa80018f4160 NotificationEvent fffffa8002c4c700 NotificationEvent fffffa8001f0c420 NotificationEvent fffffa8003fa6f90 NotificationEvent fffffa8001d1bfe0 NotificationEvent fffffa80039615b0 NotificationEvent fffffa80030b3140 NotificationEvent fffffa8001ddb490 NotificationEvent fffffa8003612970 NotificationEvent fffffa8003808740 NotificationEvent fffffa800276aad0 NotificationEvent fffffa8003dc7a10 NotificationEvent fffffa800267f550 NotificationEvent fffffa8002637fe0 NotificationEvent fffffa80036a1940 NotificationEvent fffffa8001fa0930 NotificationEvent fffffa8004030d70 NotificationEvent fffffa8003f8bfe0 NotificationEvent fffffa8001f25b10 NotificationEvent fffffa8003f94060 NotificationEvent fffffa8002632690 NotificationEvent fffffa8002df12f0 SynchronizationEvent IRP List: fffffa80021b7c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001e22150: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80036c3af0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80036c8550: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800338b830: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001e3ac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001d85c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003707c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80037f5310: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80027ff7c0: (0006,01f0) Flags: 00060000 Mdl: fffffa800205ad00 fffffa80033981f0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003856810: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8004159c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800392fc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003f7cc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003f80480: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001ebac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15731604 Ticks: 9524 (0:00:02:28.575) Context Switch Count 592 IdealProcessor: 0 UserTime 00:00:00.156 KernelTime 00:00:00.062 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880172cfdd0 Current fffff880172cf180 Base fffff880172d0000 Limit fffff880172ca000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`172cf1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`172cf300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`172cf3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`172cf470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`172cf980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`172cfbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172cfc40) 00000000`0477f218 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0477f220 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0477f500 000007fe`f6558b13 USER32!MsgWaitForMultipleObjectsEx+0x144 00000000`0477f5b0 000007fe`f6558a4c SHELL32!CMsgWaitForManyObjects::Wait+0x73 00000000`0477f600 000007fe`f65cb3ac SHELL32!CChangeNotify::_MessagePump+0xb3 00000000`0477f6b0 000007fe`f2ef410c SHELL32!CChangeNotify::s_ThreadProc+0x98 00000000`0477f700 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0477f7f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0477f820 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f0ca00 Cid 0d68.03b4 Teb: 000007f68f048000 Win32Thread: fffff90103ede780 READY on processor 1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 83236 IdealProcessor: 0 UserTime 00:00:05.101 KernelTime 00:00:04.976 Win32 Start Address windows_immersiveshell_serviceprovider!CImmersiveShellController::s_ImmersiveShellComponentsThreadProc (0x000007fef0033564) Stack Init fffff8801729ddd0 Current fffff8801729d7d0 Base fffff8801729e000 Limit fffff88017298000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1729d810 fffff802`b3b4ada2 nt!KiSwapContext+0x76 fffff880`1729d950 fffff802`b3b2bb35 nt!KeReleaseSemaphoreEx+0x562 fffff880`1729d9d0 fffff802`b3b3a4d2 nt!ExpReleaseResourceForThreadLite+0x6f3 fffff880`1729daa0 fffff960`001f0b40 nt!ExReleaseResourceAndLeavePriorityRegion+0x12 fffff880`1729dad0 fffff960`00133024 win32k!ClientGetMessageMPH+0x60 fffff880`1729db40 fffff802`b3b02d53 win32k!NtUserPeekMessage+0x124 fffff880`1729dbd0 000007fe`f56c120a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1729dc40) 00000000`0491fbe8 000007fe`f56c1250 USER32!NtUserPeekMessage+0xa 00000000`0491fbf0 000007fe`f56c1145 USER32!PeekMessage+0x2c 00000000`0491fc30 000007fe`f003123e USER32!PeekMessageW+0x85 00000000`0491fc70 000007fe`f00335c0 windows_immersiveshell_serviceprovider!CImmersiveShellController::_ImmersiveShellComponentsThreadProcInternal+0x2bd 00000000`0491fd10 000007fe`f601167e windows_immersiveshell_serviceprovider!CImmersiveShellController::s_ImmersiveShellComponentsThreadProc+0x75 00000000`0491fd40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0491fd70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001cf9080 Cid 0d68.0ea0 Teb: 000007f68f046000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c96ae0 SynchronizationTimer fffffa8001c9ff60 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740436 Ticks: 692 (0:00:00:10.795) Context Switch Count 72 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address twinui!MemWatcherMonitorThreadProc (0x000007fee5e31060) Stack Init fffff880172e4dd0 Current fffff880172e4180 Base fffff880172e5000 Limit fffff880172df000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`172e41c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`172e4300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`172e43c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`172e4470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`172e4980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`172e4bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172e4c40) 00000000`04c5f328 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`04c5f330 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`04c5f610 000007fe`e5e3125c KERNEL32!WaitForMultipleObjects+0x12 00000000`04c5f650 000007fe`f601167e twinui!MemWatcherMonitorThreadProc+0x1fc 00000000`04c5f880 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`04c5f8b0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003841740 Cid 0d68.03a0 Teb: 000007f68f040000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffff802b3d181e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address twinui!CImmersiveWatermark::s_NotificationWindowDisplay (0x000007fee5f06ed4) Stack Init fffff880172dddd0 Current fffff880172dc030 Base fffff880172de000 Limit fffff880172d8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`172dc070 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`172dc1b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`172dc270 fffff802`b3e76e16 nt!KeWaitForSingleObject+0x1cf fffff880`172dc300 fffff802`b3e85ef4 nt!ExpFindFastCacheDescriptor+0x602e fffff880`172dd810 fffff802`b3b44f15 nt!ExpQueryLicenseValueFromBlob+0xed fffff880`172dd850 fffff802`b3b45ea5 nt!KeExpandKernelStackAndCalloutInternal+0xe5 fffff880`172dd950 fffff802`b3e99164 nt!KeExpandKernelStackAndCalloutEx+0x25 fffff880`172dd990 fffff802`b3e91807 nt!SepFilterPrivilegeAudits+0x324 fffff880`172dd9f0 fffff802`b3e994ad nt!SepFilterPrivilegeAudits+0x237 fffff880`172ddaa0 fffff802`b3b02d53 nt!NtSetSystemInformation+0x220 fffff880`172ddc40 000007fe`f7ec443b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172ddc40) 00000000`04ddf358 000007fe`e5f07dc5 ntdll!NtSetSystemInformation+0xa 00000000`04ddf360 000007fe`f601167e twinui!CImmersiveWatermark::s_NotificationWindowDisplay+0xef1 00000000`04ddf7a0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`04ddf7d0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003fdb940 Cid 0d68.0af8 Teb: 000007f68f03a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bd0060 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88017340dd0 Current fffff88017340900 Base fffff88017341000 Limit fffff8801733b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`17340940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17340a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17340b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`17340bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`17340c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17340c40) 00000000`04f5f6e8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000000`04f5f6f0 000007fe`e5f05d04 KERNELBASE!WaitForSingleObjectEx+0x92 00000000`04f5f790 000007fe`f2ef410c twinui!CNotificationManager::s_MTAServerThread+0x94 00000000`04f5f7d0 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`04f5f8c0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`04f5f8f0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c4d800 Cid 0d68.0204 Teb: 000007f68f038000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003dc8060 NotificationEvent fffffa8001cdd210 SynchronizationEvent fffffa80040db060 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 *** ERROR: Symbol file could not be found. Defaulted to export symbols for sppc.dll - Win32 Start Address sppc (0x000007fef0c16208) Stack Init fffff8801735cdd0 Current fffff8801735c180 Base fffff8801735d000 Limit fffff88017357000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1735c1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1735c300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1735c3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1735c470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1735c980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1735cbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1735cc40) 00000000`04fdf5e8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`04fdf5f0 000007fe`f0c25047 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`04fdf8d0 000007fe`f0c247f7 sppc!SLDepositMigrationBlob+0x7693 00000000`04fdfa00 000007fe`f0c16280 sppc!SLDepositMigrationBlob+0x6e43 00000000`04fdfa30 000007fe`f601167e sppc+0x6280 00000000`04fdfa60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`04fdfa90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c30b00 Cid 0d68.0218 Teb: 000007f68f036000 Win32Thread: fffff90103efeb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80031e8060 SynchronizationEvent fffffa8002c9d760 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15726086 Ticks: 15042 (0:00:03:54.656) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address DUI70!DirectUI::StyleSheetCache::CCacheThread::s_ThreadProc (0x000007fef220cb24) Stack Init fffff88017430dd0 Current fffff88017430180 Base fffff88017431000 Limit fffff8801742b000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`174301c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17430300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`174303c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17430470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17430980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17430bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17430c40) 00000000`0505f6a8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0505f6b0 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0505f990 000007fe`f220cb74 KERNEL32!WaitForMultipleObjects+0x12 00000000`0505f9d0 000007fe`f601167e DUI70!DirectUI::StyleSheetCache::CCacheThread::s_ThreadProc+0x4c 00000000`0505fa10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0505fa40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80040cc4c0 Cid 0d68.0200 Teb: 000007f68f030000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa800385be90 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff8801758edd0 Current fffff8801758e180 Base fffff8801758f000 Limit fffff88017589000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1758e1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1758e300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1758e3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1758e470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1758e980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1758ebd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1758ec40) 00000000`05d8fa78 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`05d8fa80 000007fe`ea643790 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`05d8fd60 000007fe`f601167e wlidprov!NotificationThread+0x3d0 00000000`05d8fe50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`05d8fe80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003098380 Cid 0d68.0ecc Teb: 000007f68f028000 Win32Thread: fffff90103efa680 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003618060 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 21 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88017484dd0 Current fffff880174845f0 Base fffff88017485000 Limit fffff8801747f000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`17484630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17484770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17484830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`174848c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`17484970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`17484a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`17484a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`17484bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`17484c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17484c40) 00000000`07defb78 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000000`07defb80 000007fe`f65590c9 USER32!GetMessageW+0x25 00000000`07defbb0 000007fe`f2ef410c SHELL32!_LocalServerThread+0x5a 00000000`07defc20 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`07defd10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`07defd40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002196600 Cid 0d68.01bc Teb: 000007f68f024000 Win32Thread: fffff90103f00b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001d6bdc0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 24 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801753cdd0 Current fffff8801753c5f0 Base fffff8801753d000 Limit fffff88017537000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1753c630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1753c770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1753c830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`1753c8c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`1753c970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`1753ca40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`1753ca90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`1753cbb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`1753cc40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1753cc40) 00000000`07eef938 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000000`07eef940 000007fe`f65590c9 USER32!GetMessageW+0x25 00000000`07eef970 000007fe`f2ef410c SHELL32!_LocalServerThread+0x5a 00000000`07eef9e0 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`07eefad0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`07eefb00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d88b00 Cid 0d68.0390 Teb: 000007f68f022000 Win32Thread: fffff90103f00710 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80038b9220 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738781 Ticks: 2347 (0:00:00:36.613) Context Switch Count 303 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff8801748bdd0 Current fffff8801748b5f0 Base fffff8801748c000 Limit fffff88017486000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1748b630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1748b770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1748b830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`1748b8c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`1748b970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`1748ba40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`1748ba90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`1748bbb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`1748bc40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1748bc40) 00000000`07f7fad8 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000000`07f7fae0 000007fe`f7ba9f50 USER32!GetMessageW+0x25 00000000`07f7fb10 000007fe`f7b74d49 combase!CDllHost::STAWorkerLoop+0x54 00000000`07f7fb80 000007fe`f7b32218 combase!CDllHost::WorkerThread+0xc1 00000000`07f7fbc0 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 00000000`07f7fe30 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 00000000`07f7fe60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`07f7fe90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80040667c0 Cid 0d68.0d3c Teb: 000007f68f026000 Win32Thread: fffff90103f08b90 READY on processor 0 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 3843 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.062 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801747ddd0 Current fffff8801747d700 Base fffff8801747e000 Limit fffff88017478000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1747d740 fffff802`b3bc5258 nt!KxDispatchInterrupt+0x118 fffff880`1747d880 fffff802`b3b73cee nt!KiDpcInterrupt+0xc8 (TrapFrame @ fffff880`1747d880) fffff880`1747da10 fffff802`b3b3a37b nt!ExpUnlockResource+0x3e fffff880`1747da40 fffff960`001f0b8e nt!ExEnterPriorityRegionAndAcquireResourceExclusive+0x18b fffff880`1747dad0 fffff960`00133024 win32k!ClientGetMessageMPH+0xae fffff880`1747db40 fffff802`b3b02d53 win32k!NtUserPeekMessage+0x124 fffff880`1747dbd0 000007fe`f56c120a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1747dc40) 00000000`07e6f768 000007fe`f56c1250 USER32!NtUserPeekMessage+0xa 00000000`07e6f770 000007fe`f56c1145 USER32!PeekMessage+0x2c 00000000`07e6f7b0 000007fe`e5e316c6 USER32!PeekMessageW+0x85 00000000`07e6f7f0 000007fe`e5f05a1a twinui!CSettingsFlow::s_RunMessageLoop+0x53 00000000`07e6f860 000007fe`f2ef410c twinui!Microsoft::WRL::ComPtr::operator=+0x12a 00000000`07e6f8c0 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`07e6f9b0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`07e6f9e0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80040b9080 Cid 0d68.01cc Teb: 000007f68f01e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80024ca960 SynchronizationEvent fffffa80033ff260 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15739009 Ticks: 2119 (0:00:00:33.056) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880174aedd0 Current fffff880174ae180 Base fffff880174af000 Limit fffff880174a9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`174ae1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174ae300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`174ae3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`174ae470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`174ae980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`174aebd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174aec40) 00000000`0824f0e8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0824f0f0 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0824f3d0 000007fe`f7ba9443 combase!WaitCoalesced+0x96 00000000`0824f620 000007fe`f7ba966e combase!CDllHost::MTAWorkerLoop+0x53 00000000`0824f670 000007fe`f7b32218 combase!CDllHost::WorkerThread+0x126 00000000`0824f6b0 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 00000000`0824f920 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 00000000`0824f950 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0824f980 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e0ab00 Cid 0d68.08f0 Teb: 000007f68f014000 Win32Thread: fffff90103f38b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa800372b290 SynchronizationEvent fffffa8003ba06d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740203 Ticks: 925 (0:00:00:14.430) Context Switch Count 326 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801597afd0 Current fffff8801597a380 Base fffff8801597b000 Limit fffff88015975000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1597a3c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1597a500 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1597a5c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1597a670 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1597ab80 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1597add0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1597ae40) 00000000`0a04f278 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0a04f280 000007fe`f56c1ce0 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0a04f560 000007fe`f2a8171e USER32!RealMsgWaitForMultipleObjectsEx+0x100 00000000`0a04f610 000007fe`f2a8120b DUser!CoreSC::xwProcessNL+0x289 00000000`0a04f6e0 000007fe`f56c1bad DUser!MphProcessMessage+0xb3 00000000`0a04f740 000007fe`f7ec4b67 USER32!_ClientGetMessageMPH+0x3d 00000000`0a04f7d0 000007fe`f56c1eba ntdll!KiUserCallbackDispatcherContinue (TrapFrame @ 00000000`0a04f698) 00000000`0a04f848 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000000`0a04f850 000007fe`ec1d1597 USER32!GetMessageW+0x25 00000000`0a04f880 000007fe`f2ef410c stobject!SysTrayMain+0x3fd 00000000`0a04f9c0 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0a04fab0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0a04fae0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8004148b00 Cid 0d68.0d84 Teb: 000007f68f012000 Win32Thread: fffff90103f4ab90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80037ad890 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15715274 Ticks: 25854 (0:00:06:43.324) Context Switch Count 63 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880174d6dd0 Current fffff880174d65f0 Base fffff880174d7000 Limit fffff880174d1000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`174d6630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174d6770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`174d6830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`174d68c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`174d6970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`174d6a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`174d6a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`174d6bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`174d6c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174d6c40) 00000000`0a0cfbe8 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000000`0a0cfbf0 000007fe`f65590c9 USER32!GetMessageW+0x25 00000000`0a0cfc20 000007fe`f2ef410c SHELL32!_LocalServerThread+0x5a 00000000`0a0cfc90 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0a0cfd80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0a0cfdb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d5c040 Cid 0d68.0e14 Teb: 000007f68f00e000 Win32Thread: fffff90100754010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002c46d50 NotificationEvent fffffa8001d09470 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 42 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801657add0 Current fffff8801657a180 Base fffff8801657b000 Limit fffff88016575000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1657a1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1657a300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1657a3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1657a470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1657a980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1657abd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1657ac40) 00000000`0a6ff5b8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0a6ff5c0 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0a6ff8a0 000007fe`eb691059 USER32!MsgWaitForMultipleObjectsEx+0x144 00000000`0a6ff950 000007fe`eb69bc29 wpncore!ResourceManagerImpl::RunMessageLoop+0x35 00000000`0a6ff9c0 000007fe`f7ecd893 wpncore!ResourceManagerImpl::BackgroundProcessing+0x2b0 00000000`0a6ffa90 000007fe`f7ec8842 ntdll!TppWorkpExecuteCallback+0x103 00000000`0a6ffbe0 000007fe`f601167e ntdll!TppWorkerThread+0x604 00000000`0a6ffe80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0a6ffeb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001f46b00 Cid 0d68.0890 Teb: 000007f68eff0000 Win32Thread: fffff90104041010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002036fe0 NotificationEvent fffffa80033981c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15736244 Ticks: 4884 (0:00:01:16.190) Context Switch Count 331 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174e4dd0 Current fffff880174e4180 Base fffff880174e5000 Limit fffff880174df000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`174e41c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174e4300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`174e43c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`174e4470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`174e4980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`174e4bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174e4c40) 00000000`0ae7f518 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0ae7f520 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0ae7f800 000007fe`f147f819 USER32!MsgWaitForMultipleObjectsEx+0x144 00000000`0ae7f8b0 000007fe`f7ecd893 wpnprv!WnpKaDetectorImpl::BackgroundProcessing+0x135 00000000`0ae7f920 000007fe`f7ec8842 ntdll!TppWorkpExecuteCallback+0x103 00000000`0ae7fa70 000007fe`f601167e ntdll!TppWorkerThread+0x604 00000000`0ae7fd10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0ae7fd40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002ce1b00 Cid 0d68.0394 Teb: 000007f68efe8000 Win32Thread: fffff90103f74750 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003989500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15736244 Ticks: 4884 (0:00:01:16.190) Context Switch Count 80 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mswsock!SockAsyncThread (0x000007fef4645990) Stack Init fffff88017595dd0 Current fffff880175957a0 Base fffff88017596000 Limit fffff88017590000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`175957e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17595920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`175959e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17595a90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`17595b20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`17595bd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17595c40) 00000000`0b07fdc8 000007fe`f4645a19 ntdll!NtRemoveIoCompletion+0xa 00000000`0b07fdd0 000007fe`f601167e mswsock!SockAsyncThread+0x8f 00000000`0b07fe30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0b07fe60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002ce7080 Cid 0d68.0ff4 Teb: 000007f68efe6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa80041a5fe0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff880175a3dd0 Current fffff880175a3180 Base fffff880175a4000 Limit fffff8801759e000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`175a31c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175a3300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`175a33c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`175a3470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`175a3980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`175a3bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175a3c40) 00000000`0b0ff578 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0b0ff580 000007fe`ea643790 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0b0ff860 000007fe`f601167e wlidprov!NotificationThread+0x3d0 00000000`0b0ff950 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0b0ff980 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002cda240 Cid 0d68.0f4c Teb: 000007f68efe4000 Win32Thread: fffff901000ebb90 WAIT: (UserRequest) UserMode Alertable fffffa8001821a30 NotificationEvent fffffa8001c4c060 SynchronizationTimer fffffa8003f8bd90 NotificationEvent fffffa800381b300 NotificationEvent fffffa800209b4e0 SynchronizationEvent fffffa8002da6590 SynchronizationEvent fffffa800213cd30 SynchronizationEvent IRP List: fffffa8001ebc010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001f86c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80038b4c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001cf3430: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001d8ec10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800417fc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001f98af0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002d2f010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80041304d0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001f6fc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003e36010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002067c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80038fd010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002c64010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800379d010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003de0c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002e56430: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 1960 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.046 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880175aadd0 Current fffff880175aa180 Base fffff880175ab000 Limit fffff880175a5000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`175aa1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175aa300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`175aa3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`175aa470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`175aa980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`175aabd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175aac40) 00000000`0b17f578 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0b17f580 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0b17f860 000007fe`ec1d10a9 USER32!MsgWaitForMultipleObjectsEx+0x144 00000000`0b17f910 000007fe`f2ef410c stobject!CSSOSharedThread::ThreadProc+0xc3 00000000`0b17fda0 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0b17fe90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0b17fec0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002cd4240 Cid 0d68.0d5c Teb: 000007f68efe2000 Win32Thread: fffff901000ddb90 WAIT: (UserRequest) UserMode Alertable fffffa8003d84060 SynchronizationEvent fffffa8003efb780 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15734768 Ticks: 6360 (0:00:01:39.216) Context Switch Count 420 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880175f9dd0 Current fffff880175f9180 Base fffff880175fa000 Limit fffff880175f4000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`175f91c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175f9300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`175f93c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`175f9470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`175f9980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`175f9bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175f9c40) 00000000`0b69f218 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0b69f220 000007fe`f56c1ce0 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0b69f500 000007fe`f2a81536 USER32!RealMsgWaitForMultipleObjectsEx+0x100 00000000`0b69f5b0 000007fe`f2a81636 DUser!CoreSC::DUIMsgWaitForMultipleObjectsEx+0x156 00000000`0b69f660 000007fe`f56c1311 DUser!MphMsgWaitForMultipleObjectsEx+0x6e 00000000`0b69f6a0 000007fe`ec1d10a9 USER32!MsgWaitForMultipleObjectsEx+0x1ad 00000000`0b69f750 000007fe`f2ef410c stobject!CSSOSharedThread::ThreadProc+0xc3 00000000`0b69fbe0 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0b69fcd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0b69fd00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002cb7080 Cid 0d68.030c Teb: 000007f68efe0000 Win32Thread: fffff9010061e6f0 WAIT: (UserRequest) UserMode Alertable fffffa800403fcb0 SynchronizationEvent fffffa8003ff4be0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 62 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801719cdd0 Current fffff8801719c180 Base fffff8801719d000 Limit fffff88017197000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1719c1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1719c300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1719c3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1719c470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1719c980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1719cbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1719cc40) 00000000`0b74f0e8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0b74f0f0 000007fe`f56c1ce0 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0b74f3d0 000007fe`f2a81536 USER32!RealMsgWaitForMultipleObjectsEx+0x100 00000000`0b74f480 000007fe`f2a81636 DUser!CoreSC::DUIMsgWaitForMultipleObjectsEx+0x156 00000000`0b74f530 000007fe`f56c1311 DUser!MphMsgWaitForMultipleObjectsEx+0x6e 00000000`0b74f570 000007fe`ec1d10a9 USER32!MsgWaitForMultipleObjectsEx+0x1ad 00000000`0b74f620 000007fe`f2ef410c stobject!CSSOSharedThread::ThreadProc+0xc3 00000000`0b74fab0 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0b74fba0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0b74fbd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003066b00 Cid 0d68.0e90 Teb: 000007f68efde000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8002036060 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738482 Ticks: 2646 (0:00:00:41.277) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlanapi!NotificationApcThreadProc (0x000007fef03bba00) Stack Init fffff880175bedd0 Current fffff880175be900 Base fffff880175bf000 Limit fffff880175b9000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`175be940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175bea80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`175beb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`175bebd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`175bec40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175bec40) 00000000`0b60fde8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000000`0b60fdf0 000007fe`f03bba6b KERNELBASE!WaitForSingleObjectEx+0x92 00000000`0b60fe90 000007fe`f601167e wlanapi!NotificationApcThreadProc+0x6b 00000000`0b60fec0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0b60fef0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020fb880 Cid 0d68.0a40 Teb: 000007f68efda000 Win32Thread: fffff901040b3750 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa8001fd55d0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff880175dbdd0 Current fffff880175db180 Base fffff880175dc000 Limit fffff880175d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`175db1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175db300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`175db3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`175db470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`175db980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`175dbbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175dbc40) 00000000`0bd5fa18 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0bd5fa20 000007fe`ea643790 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0bd5fd00 000007fe`f601167e wlidprov!NotificationThread+0x3d0 00000000`0bd5fdf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0bd5fe20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e41080 Cid 0d68.09f8 Teb: 000007f68efd8000 Win32Thread: fffff901000e96f0 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001ed83d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88000fdbdd0 Current fffff88000fdb5f0 Base fffff88000fdc000 Limit fffff88000fd6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`00fdb630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00fdb770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`00fdb830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`00fdb8c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`00fdb970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`00fdba40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`00fdba90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`00fdbbb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`00fdbc40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`00fdbc40) 00000000`0bddf858 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000000`0bddf860 000007fe`f65590c9 USER32!GetMessageW+0x25 00000000`0bddf890 000007fe`f2ef410c SHELL32!_LocalServerThread+0x5a 00000000`0bddf900 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0bddf9f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0bddfa20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002744640 Cid 0d68.03c4 Teb: 000007f68efd6000 Win32Thread: fffff90103fc0750 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001d16ce0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 33 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8800099bdd0 Current fffff8800099b5f0 Base fffff8800099c000 Limit fffff88000996000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`0099b630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`0099b770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`0099b830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`0099b8c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`0099b970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`0099ba40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`0099ba90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`0099bbb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`0099bc40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0099bc40) 00000000`0be5fa18 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000000`0be5fa20 000007fe`ed8115fc USER32!GetMessageW+0x25 00000000`0be5fa50 000007fe`f2ef410c AltTab!CAltTabSSO::_ThreadProc+0x11b 00000000`0be5faf0 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0be5fbe0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0be5fc10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003600380 Cid 0d68.0280 Teb: 000007f68efd4000 Win32Thread: fffff90103f66b90 WAIT: (UserRequest) UserMode Alertable fffffa80024c64c0 SynchronizationEvent IRP List: fffffa8002eadc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003000010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15728588 Ticks: 12540 (0:00:03:15.625) Context Switch Count 193 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.031 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88014e8bdd0 Current fffff88014e8b0f0 Base fffff88014e8c000 Limit fffff88014e86000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14e8b130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14e8b270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`14e8b330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`14e8b3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`14e8b470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`14e8b980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`14e8bbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e8bc40) 00000000`0bf2f278 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0bf2f280 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0bf2f560 000007fe`ec1d10a9 USER32!MsgWaitForMultipleObjectsEx+0x144 00000000`0bf2f610 000007fe`f2ef410c stobject!CSSOSharedThread::ThreadProc+0xc3 00000000`0bf2faa0 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0bf2fb90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0bf2fbc0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800212ea80 Cid 0d68.0c90 Teb: 000007f68efd2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa8003bb5250 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff88000fd4dd0 Current fffff88000fd4180 Base fffff88000fd5000 Limit fffff88000fcf000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`00fd41c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00fd4300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`00fd43c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`00fd4470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`00fd4980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`00fd4bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`00fd4c40) 00000000`0bfff958 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0bfff960 000007fe`ea643790 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0bfffc40 000007fe`f601167e wlidprov!NotificationThread+0x3d0 00000000`0bfffd30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0bfffd60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c9bb00 Cid 0d68.0c04 Teb: 000007f68f173000 Win32Thread: fffff90103f78710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800403fd30 SynchronizationEvent fffffa80020b0f60 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712531 Ticks: 28597 (0:00:07:26.116) Context Switch Count 1912 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801550bfd0 Current fffff8801550b380 Base fffff8801550c000 Limit fffff88015506000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1550b3c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1550b500 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1550b5c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1550b670 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1550bb80 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1550bdd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1550be40) 00000000`0c07f568 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0c07f570 000007fe`f56c1ce0 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0c07f850 000007fe`f2a8171e USER32!RealMsgWaitForMultipleObjectsEx+0x100 00000000`0c07f900 000007fe`f2a8120b DUser!CoreSC::xwProcessNL+0x289 00000000`0c07f9d0 000007fe`f56c1bad DUser!MphProcessMessage+0xb3 00000000`0c07fa30 000007fe`f7ec4b67 USER32!_ClientGetMessageMPH+0x3d 00000000`0c07fac0 000007fe`f56c1eba ntdll!KiUserCallbackDispatcherContinue (TrapFrame @ 00000000`0c07f988) 00000000`0c07fb38 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000000`0c07fb40 000007fe`f65590c9 USER32!GetMessageW+0x25 00000000`0c07fb70 000007fe`f2ef410c SHELL32!_LocalServerThread+0x5a 00000000`0c07fbe0 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0c07fcd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0c07fd00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800366cb00 Cid 0d68.0de4 Teb: 000007f68efd0000 Win32Thread: fffff90103fb4b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001d33ce0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15737617 Ticks: 3511 (0:00:00:54.771) Context Switch Count 121 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8800306add0 Current fffff8800306a5f0 Base fffff8800306b000 Limit fffff88003065000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`0306a630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`0306a770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`0306a830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`0306a8c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`0306a970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`0306aa40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`0306aa90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`0306abb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`0306ac40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0306ac40) 00000000`0c7bfbf8 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000000`0c7bfc00 000007fe`f65fd3ee USER32!GetMessageW+0x25 00000000`0c7bfc30 000007fe`f2ef410c SHELL32!MessagePumpThreadProc+0x4b 00000000`0c7bfca0 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0c7bfd90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0c7bfdc0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d90080 Cid 0d68.0c44 Teb: 000007f68f175000 Win32Thread: fffff90104013950 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ec2f50 SynchronizationEvent fffffa80041640f0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 6890 IdealProcessor: 0 UserTime 00:00:00.390 KernelTime 00:00:00.702 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88003086fd0 Current fffff88003086380 Base fffff88003087000 Limit fffff88003081000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`030863c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03086500 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`030865c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`03086670 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`03086b80 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`03086dd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03086e40) 00000000`0af9f1c8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`0af9f1d0 000007fe`f56c1ce0 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`0af9f4b0 000007fe`f2aaadb8 USER32!RealMsgWaitForMultipleObjectsEx+0x100 00000000`0af9f560 000007fe`f2aaad13 DUser!CoreSC::Wait+0x70 00000000`0af9f5b0 000007fe`f2aaac3d DUser!CoreSC::WaitMessage+0xab 00000000`0af9f610 000007fe`f56ed77a DUser!MphWaitMessageEx+0x51 00000000`0af9f640 000007fe`f7ec4b67 USER32!_ClientWaitMessageExMPH+0x1a 00000000`0af9f690 000007fe`f56c29aa ntdll!KiUserCallbackDispatcherContinue (TrapFrame @ 00000000`0af9f558) 00000000`0af9f6f8 000007fe`e79170c5 USER32!NtUserWaitMessage+0xa 00000000`0af9f700 000007fe`e78b19da explorerframe!CExplorerFrame::FrameMessagePump+0x1bd 00000000`0af9f7f0 000007fe`e78aa6d4 explorerframe!CExplorerTask::InternalResumeRT+0x18a 00000000`0af9f890 000007fe`f6557ad8 explorerframe!CRunnableTask::Run+0x102 00000000`0af9f8c0 000007fe`f65218df SHELL32!CShellTask::TT_Run+0x3c 00000000`0af9f8f0 000007fe`f65219e7 SHELL32!CShellTaskThread::ThreadProc+0xd7 00000000`0af9f990 000007fe`f2ef410c SHELL32!CShellTaskThread::s_ThreadProc+0x33 00000000`0af9f9c0 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0af9fab0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0af9fae0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d75b00 Cid 0d68.0d44 Teb: 000007f68f01c000 Win32Thread: fffff901006e9b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8004142a10 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 37 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88015eeddd0 Current fffff88015eed5f0 Base fffff88015eee000 Limit fffff88015ee8000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15eed630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15eed770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15eed830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`15eed8c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`15eed970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`15eeda40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`15eeda90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`15eedbb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`15eedc40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15eedc40) 00000000`0942fd98 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000000`0942fda0 000007fe`f65590c9 USER32!GetMessageW+0x25 00000000`0942fdd0 000007fe`f2ef410c SHELL32!_LocalServerThread+0x5a 00000000`0942fe40 000007fe`f601167e SHCORE!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000000`0942ff30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0942ff60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800213c800 Cid 0d68.0f08 Teb: 000007f68f006000 Win32Thread: fffff90103f6ab90 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject IRP List: fffffa80041e8010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15735451 Ticks: 5677 (0:00:01:28.561) Context Switch Count 397 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f8edd0 Current fffff88014f8e760 Base fffff88014f8f000 Limit fffff88014f89000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`14f8e7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f8e8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14f8e9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14f8ea50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`14f8eae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14f8ec40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f8ec40) 00000000`1256f928 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000000`1256f930 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000000`1256fbd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`1256fc00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002e56b00 Cid 0d68.0140 Teb: 000007f68f000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001f4e080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164b6dd0 Current fffff880164b6760 Base fffff880164b7000 Limit fffff880164b1000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`164b67a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`164b68e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`164b69a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`164b6a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`164b6ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`164b6c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164b6c40) 00000000`12bdfa48 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000000`12bdfa50 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000000`12bdfcf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`12bdfd20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002cdf300 Cid 0d68.0854 Teb: 000007f68f03c000 Win32Thread: fffff90103f544e0 READY on processor 1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 443 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88000fe2dd0 Current fffff88000fe2760 Base fffff88000fe3000 Limit fffff88000fdd000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`00fe27a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00fe28e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`00fe29a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`00fe2a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`00fe2ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`00fe2c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`00fe2c40) 00000000`11ccf558 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000000`11ccf560 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000000`11ccf800 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`11ccf830 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003fdc840 Cid 0d68.0fd8 Teb: 000007f68f04c000 Win32Thread: fffff9010419eb90 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15739713 Ticks: 1415 (0:00:00:22.074) Context Switch Count 387 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170a1dd0 Current fffff880170a1760 Base fffff880170a2000 Limit fffff8801709c000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`170a17a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170a18e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`170a19a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`170a1a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`170a1ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`170a1c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170a1c40) 00000000`16fefa08 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000000`16fefa10 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000000`16fefcb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`16fefce0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020aeb00 Cid 0d68.0804 Teb: 000007f68f032000 Win32Thread: fffff90104195530 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738504 Ticks: 2624 (0:00:00:40.934) Context Switch Count 206 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017102dd0 Current fffff88017102760 Base fffff88017103000 Limit fffff880170fd000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`171027a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171028e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`171029a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17102a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17102ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17102c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17102c40) 00000000`17b1f6c8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000000`17b1f6d0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000000`17b1f970 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`17b1f9a0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003095240 Cid 0d68.0438 Teb: 000007f68f034000 Win32Thread: fffff901040a05b0 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738591 Ticks: 2537 (0:00:00:39.577) Context Switch Count 171 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173ccdd0 Current fffff880173cc760 Base fffff880173cd000 Limit fffff880173c7000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`173cc7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`173cc8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`173cc9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`173cca50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`173ccae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`173ccc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173ccc40) 00000000`12abf578 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000000`12abf580 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000000`12abf820 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`12abf850 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002692700 Cid 0d68.0dc0 Teb: 000007f68f02e000 Win32Thread: fffff901042fb010 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740848 Ticks: 280 (0:00:00:04.368) Context Switch Count 338 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173dbdd0 Current fffff880173db760 Base fffff880173dc000 Limit fffff880173d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`173db7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`173db8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`173db9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`173dba50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`173dbae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`173dbc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173dbc40) 00000000`1495f6e8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000000`1495f6f0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000000`1495f990 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`1495f9c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80033cd080 Cid 0d68.09e4 Teb: 000007f68f020000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15735437 Ticks: 5691 (0:00:01:28.780) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017437dd0 Current fffff88017437760 Base fffff88017438000 Limit fffff88017432000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`174377a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174378e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`174379a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17437a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17437ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17437c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17437c40) 00000000`17c5f848 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000000`17c5f850 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000000`17c5faf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`17c5fb20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800219b080 Cid 0d68.0a6c Teb: 000007f68f01a000 Win32Thread: fffff90100625b90 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738573 Ticks: 2555 (0:00:00:39.858) Context Switch Count 140 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801743edd0 Current fffff8801743e760 Base fffff8801743f000 Limit fffff88017439000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1743e7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1743e8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1743e9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1743ea50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1743eae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1743ec40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1743ec40) 00000000`18eafca8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000000`18eafcb0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000000`18eaff50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`18eaff80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002161080 Cid 0d68.09fc Teb: 000007f68f17b000 Win32Thread: fffff9010412ab90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002634c10 SynchronizationEvent fffffa8002cf2e90 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15737843 Ticks: 3285 (0:00:00:51.246) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address UxTheme!CManagerImpl::s_ThreadProc (0x000007fef3c98fc0) Stack Init fffff8801751cdd0 Current fffff8801751c180 Base fffff8801751d000 Limit fffff88017517000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1751c1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1751c300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1751c3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1751c470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1751c980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1751cbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1751cc40) 00000000`1789f978 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000000`1789f980 000007fe`f56c303a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000000`1789fc60 000007fe`f3c96eba USER32!MsgWaitForMultipleObjects+0x14c 00000000`1789fd10 000007fe`f3c96fff UxTheme!CManagerImpl::_RunDelegateThread+0xda 00000000`1789fdb0 000007fe`f601167e UxTheme!CManagerImpl::_DelegateThreadProc+0x7f 00000000`1789fdf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`1789fe20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001ebe040 Cid 0d68.0edc Teb: 000007f68f044000 Win32Thread: 0000000000000000 WAIT: (UserRequest) KernelMode Alertable fffffa8004001540 SynchronizationEvent fffff88014e4cbe0 NotificationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!RtlpWnfNotificationThread (0x000007fef7f005bc) Stack Init fffff88014e4cdd0 Current fffff88014e4c8a0 Base fffff88014e4d000 Limit fffff88014e47000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14e4c8e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14e4ca20 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`14e4cae0 fffff802`b3e2c9ac nt!KeWaitForMultipleObjects+0x25d fffff880`14e4cb90 fffff802`b3b02d53 nt!NtWaitForWnfNotifications+0x15c fffff880`14e4cc40 000007fe`f7ec469b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e4cc40) 00000000`0983d978 000007fe`f7ee3234 ntdll!NtWaitForWnfNotifications+0xa 00000000`0983d980 000007fe`f601167e ntdll!RtlpWnfNotificationThread+0x1ef 00000000`0983fa10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000000`0983fa40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8001fe8940 SessionId: 2 Cid: 0bdc Peb: 7f6bc9cc000 ParentCid: 0288 DirBase: 09f57000 ObjectTable: fffff8a002742440 HandleCount: Image: LiveComm.exe VadRoot fffffa8002d8ecd0 Vads 308 Clone 0 Private 1551. Modified 1331. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a0068da8c0 ElapsedTime 00:15:36.587 UserTime 00:00:00.000 KernelTime 00:00:00.015 QuotaPoolUsage[PagedPool] 330592 QuotaPoolUsage[NonPagedPool] 45008 Working Set Sizes (now,min,max) (5237, 50, 345) (20948KB, 200KB, 1380KB) PeakWorkingSetSize 6082 VirtualSize 752 Mb PeakVirtualSize 757 Mb PageFaultCount 11177 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 3185 Job fffffa8001dfa060 Setting context for this process... .process /p /r fffffa8001fe8940 THREAD fffffa8002492800 Cid 0bdc.0be8 Teb: 000007f6bc9ce000 Win32Thread: fffff90103f742d0 WAIT: (WrAlertByThreadId) UserMode Non-Alertable 000007fee8ad5c10 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735435 Ticks: 5693 (0:00:01:28.811) Context Switch Count 133 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 *** ERROR: Module load completed but symbols could not be loaded for LiveComm.exe Win32 Start Address LiveComm (0x000007f6bd873b24) Stack Init fffff88017499dd0 Current fffff88017499970 Base fffff8801749a000 Limit fffff88017494000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. *** WARNING: Unable to verify timestamp for Microsoft.WindowsLive.Platform.Service.dll *** ERROR: Module load completed but symbols could not be loaded for Microsoft.WindowsLive.Platform.Service.dll Child-SP RetAddr Call Site fffff880`174999b0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17499af0 fffff802`b3adf817 nt!KiCommitThreadWait+0x23c fffff880`17499bb0 fffff802`b3ea4e5e nt!KeWaitForAlertByThreadId+0x13b fffff880`17499c10 fffff802`b3b02d53 nt!NtWaitForAlertByThreadId+0x2a fffff880`17499c40 000007fe`f7ec466b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17499c40) 0000001e`5b40f5c8 000007fe`f7f4ed10 ntdll!NtWaitForAlertByThreadId+0xa 0000001e`5b40f5d0 000007fe`e8a5cb1b ntdll!RtlSleepConditionVariableSRW+0xe9 0000001e`5b40f640 000007fe`e8a4ebf6 twinapi!PsmRegisterAppStateChangeNotification+0x228 0000001e`5b40f690 000007fe`e8a4eb74 twinapi!Windows::ApplicationModel::Core::CoreApplication::RegisterWithPSM+0x36 0000001e`5b40f6e0 000007fe`e8a4c93e twinapi!Windows::ApplicationModel::Core::CoreApplication::InitializeApplicationServer+0x224 0000001e`5b40f760 000007fe`e9a16cdb twinapi!Windows::ApplicationModel::Core::CoreApplicationFactory::RunInternal+0xbe 0000001e`5b40f7c0 000007fe`e9be7230 Microsoft_WindowsLive_Platform_Service+0x56cdb 0000001e`5b40f7c8 0000001e`5b40f8c0 Microsoft_WindowsLive_Platform_Service+0x227230 0000001e`5b40f7d0 00000000`00000000 0x0000001e`5b40f8c0 THREAD fffffa8001efeb00 Cid 0bdc.07b8 Teb: 000007f6bc9ca000 Win32Thread: fffff90103f66710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003db2740 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736425 Ticks: 4703 (0:00:01:13.367) Context Switch Count 260 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015833dd0 Current fffff88015833900 Base fffff88015834000 Limit fffff8801582e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`15833940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15833a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15833b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`15833bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`15833c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15833c40) 0000001e`5b58f328 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000001e`5b58f330 000007fe`e9a7bf19 KERNELBASE!WaitForSingleObjectEx+0x92 0000001e`5b58f3d0 00000000`00000000 Microsoft_WindowsLive_Platform_Service+0xbbf19 THREAD fffffa8001c8cb00 Cid 0bdc.0450 Teb: 000007f6bc9c8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e796d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735435 Ticks: 5693 (0:00:01:28.811) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpLogger (0x000007fef7f46168) Stack Init fffff8801583add0 Current fffff8801583a900 Base fffff8801583b000 Limit fffff88015835000 Call 0 Priority 10 BasePriority 10 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1583a940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1583aa80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1583ab40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`1583abd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`1583ac40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1583ac40) 0000001e`5b78fdb8 000007fe`f7f461e4 ntdll!NtWaitForSingleObject+0xa 0000001e`5b78fdc0 000007fe`f601167e ntdll!EtwpLogger+0x7c 0000001e`5b78fdf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`5b78fe20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c7f080 Cid 0bdc.0e84 Teb: 000007f6bc9c4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e888f0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740524 Ticks: 604 (0:00:00:09.422) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88015841dd0 Current fffff880158410f0 Base fffff88015842000 Limit fffff8801583c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`15841130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15841270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15841330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`158413c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`15841470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15841980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15841bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15841c40) 0000001e`6111f2d8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 0000001e`6111f2e0 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 0000001e`6111f5c0 000007fe`f7b31a03 combase!WaitCoalesced+0x96 0000001e`6111f810 000007fe`f7b32218 combase!CROIDTable::WorkerThreadLoop+0x63 0000001e`6111f860 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 0000001e`6111fad0 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 0000001e`6111fb00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`6111fb30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d2a200 Cid 0bdc.0e3c Teb: 000007f6bc89e000 Win32Thread: fffff90100600b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c176c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736493 Ticks: 4635 (0:00:01:12.306) Context Switch Count 1391 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e06dd0 Current fffff88014e06900 Base fffff88014e07000 Limit fffff88014e01000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`14e06940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14e06a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`14e06b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`14e06bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`14e06c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e06c40) 0000001e`6128f598 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000001e`6128f5a0 000007fe`e9b08a23 KERNELBASE!WaitForSingleObjectEx+0x92 0000001e`6128f640 0000001e`61fe2490 Microsoft_WindowsLive_Platform_Service+0x148a23 0000001e`6128f648 0000001e`61fe2490 0x0000001e`61fe2490 0000001e`6128f650 00000000`00000000 0x0000001e`61fe2490 THREAD fffffa800260d080 Cid 0bdc.05d4 Teb: 000007f6bc89c000 Win32Thread: fffff90103f54b90 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740403 Ticks: 725 (0:00:00:11.310) Context Switch Count 470 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801584fdd0 Current fffff8801584f760 Base fffff88015850000 Limit fffff8801584a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`1584f7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1584f8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1584f9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1584fa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1584fae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1584fc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1584fc40) 0000001e`6140f8d8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000001e`6140f8e0 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000001e`6140fb80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`6140fbb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80031f2b00 Cid 0bdc.003c Teb: 000007f6bc89a000 Win32Thread: fffff901000ef570 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject IRP List: fffffa8003ed5010: (0006,03e8) Flags: 00020000 Mdl: 00000000 fffffa8003f18c10: (0006,03e8) Flags: 00020000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736400 Ticks: 4728 (0:00:01:13.757) Context Switch Count 546 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015848dd0 Current fffff88015848760 Base fffff88015849000 Limit fffff88015843000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`158487a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158488e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`158489a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15848a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15848ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15848c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15848c40) 0000001e`6148f568 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000001e`6148f570 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000001e`6148f810 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`6148f840 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80040e8b00 Cid 0bdc.01c0 Teb: 000007f6bc896000 Win32Thread: fffff90103f72b90 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736400 Ticks: 4728 (0:00:01:13.757) Context Switch Count 139 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017579dd0 Current fffff88017579760 Base fffff8801757a000 Limit fffff88017574000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`175797a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175798e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`175799a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17579a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17579ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17579c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17579c40) 0000001e`6158f978 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000001e`6158f980 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000001e`6158fc20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`6158fc50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020c5b00 Cid 0bdc.0168 Teb: 000007f6bc894000 Win32Thread: fffff90103f6cb90 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 784 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801585ddd0 Current fffff8801585d760 Base fffff8801585e000 Limit fffff88015858000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`1585d7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1585d8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1585d9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1585da50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1585dae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1585dc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1585dc40) 0000001e`6160fca8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000001e`6160fcb0 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000001e`6160ff50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`6160ff80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002054400 Cid 0bdc.0870 Teb: 000007f6bc890000 Win32Thread: fffff90103fe5b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f4e4d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736195 Ticks: 4933 (0:00:01:16.955) Context Switch Count 234 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015872dd0 Current fffff88015872900 Base fffff88015873000 Limit fffff8801586d000 Call 0 Priority 12 BasePriority 8 UnusualBoost 3 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`15872940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15872a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15872b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`15872bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`15872c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15872c40) 0000001e`6170ed58 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000001e`6170ed60 000007fe`e9a400f7 KERNELBASE!WaitForSingleObjectEx+0x92 0000001e`6170ee00 0000001e`218f3720 Microsoft_WindowsLive_Platform_Service+0x800f7 0000001e`6170ee08 00000000`00000000 0x0000001e`218f3720 THREAD fffffa80039d1b00 Cid 0bdc.0cc8 Teb: 000007f6bc88c000 Win32Thread: fffff90100624b90 WAIT: (WrQueue) UserMode Alertable fffffa8003bdc500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736965 Ticks: 4163 (0:00:01:04.943) Context Switch Count 592 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015879dd0 Current fffff88015879760 Base fffff8801587a000 Limit fffff88015874000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`158797a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158798e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`158799a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15879a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15879ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15879c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15879c40) 0000001e`6190f578 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000001e`6190f580 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000001e`6190f820 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`6190f850 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001ec1080 Cid 0bdc.0a10 Teb: 000007f6bc88a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003768f60 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735435 Ticks: 5693 (0:00:01:28.811) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880154a2dd0 Current fffff880154a2900 Base fffff880154a3000 Limit fffff8801549d000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`154a2940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`154a2a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`154a2b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`154a2bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`154a2c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154a2c40) 0000001e`61d1fbf8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000001e`61d1fc00 000007fe`eefff5ca KERNELBASE!WaitForSingleObjectEx+0x92 0000001e`61d1fca0 000007fe`eefff8d1 ESENT!OSSYNC::CSemaphore::_FAcquire+0x102 0000001e`61d1fd20 000007fe`ef04ad45 ESENT!IOMgrIOPatrolDogThread+0x61 0000001e`61d1fdb0 000007fe`f601167e ESENT!UtilThreadIThreadBase+0x21 0000001e`61d1fdf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`61d1fe20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c49080 Cid 0bdc.0e18 Teb: 000007f6bc888000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80027fb080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736491 Ticks: 4637 (0:00:01:12.337) Context Switch Count 44 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880154b7dd0 Current fffff880154b77a0 Base fffff880154b8000 Limit fffff880154b2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`154b77e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`154b7920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`154b79e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`154b7a90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`154b7b20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`154b7bd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154b7c40) 0000001e`6311f808 000007fe`f4fd36ad ntdll!NtRemoveIoCompletion+0xa 0000001e`6311f810 000007fe`f6011962 KERNELBASE!GetQueuedCompletionStatus+0x39 0000001e`6311f870 000007fe`ef0068cc KERNEL32!GetQueuedCompletionStatusStub+0x12 0000001e`6311f8b0 000007fe`ef04ad91 ESENT!CTaskManager::TMIDispatch+0x11c 0000001e`6311f950 000007fe`ef04ad45 ESENT!CTaskManager::TMDispatch+0x11 0000001e`6311f980 000007fe`f601167e ESENT!UtilThreadIThreadBase+0x21 0000001e`6311f9c0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`6311f9f0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d4f4c0 Cid 0bdc.0e34 Teb: 000007f6bc884000 Win32Thread: fffff90103fba290 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001eef290 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736136 Ticks: 4992 (0:00:01:17.875) Context Switch Count 555 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015902dd0 Current fffff88015902900 Base fffff88015903000 Limit fffff880158fd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`15902940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15902a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15902b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`15902bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`15902c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15902c40) 0000001e`2153f2c8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 0000001e`2153f2d0 000007fe`e9b08a23 KERNELBASE!WaitForSingleObjectEx+0x92 0000001e`2153f370 0000001e`21909b60 Microsoft_WindowsLive_Platform_Service+0x148a23 0000001e`2153f378 0000001e`21909b60 0x0000001e`21909b60 0000001e`2153f380 00000000`00000000 0x0000001e`21909b60 THREAD fffffa8001e41080 Cid 0bdc.0b68 Teb: 000007f6bc882000 Win32Thread: fffff90100703010 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736915 Ticks: 4213 (0:00:01:05.723) Context Switch Count 196 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015909dd0 Current fffff88015909760 Base fffff8801590a000 Limit fffff88015904000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`159097a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`159098e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`159099a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15909a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15909ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15909c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15909c40) 0000001e`215bf6c8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000001e`215bf6d0 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000001e`215bf970 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`215bf9a0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80040a8600 Cid 0bdc.0988 Teb: 000007f6bc880000 Win32Thread: fffff90100701010 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736367 Ticks: 4761 (0:00:01:14.272) Context Switch Count 69 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155a4dd0 Current fffff880155a4760 Base fffff880155a5000 Limit fffff8801559f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`155a47a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`155a48e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`155a49a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`155a4a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`155a4ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`155a4c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155a4c40) 0000001e`2177f788 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000001e`2177f790 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000001e`2177fa30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`2177fa60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e5a780 Cid 0bdc.08b8 Teb: 000007f6bc87e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80021944e0 NotificationEvent IRP List: fffffa80020a1330: (0006,01f0) Flags: 00020070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736915 Ticks: 4213 (0:00:01:05.723) Context Switch Count 109 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff88014faadd0 Current fffff88014faa900 Base fffff88014fab000 Limit fffff88014fa5000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`14faa940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14faaa80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`14faab40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`14faabd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`14faac40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14faac40) 0000001e`224ef028 000007fe`f4641d19 ntdll!NtWaitForSingleObject+0xa 0000001e`224ef030 000007fe`f46481b2 mswsock!SockWaitForSingleObject+0x139 0000001e`224ef0b0 000007fe`f5b82e8d mswsock!WSPSelect+0x4f5 0000001e`224ef250 000007fe`f59e008b WS2_32!select+0x185 0000001e`224ef340 000007fe`f601167e WININET!ICAsyncThread::SelectThread+0x1fb 0000001e`224efa30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`224efa60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003648480 Cid 0bdc.0cbc Teb: 000007f6bc87c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002ef0700 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740662 Ticks: 466 (0:00:00:07.269) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880171b6dd0 Current fffff880171b6760 Base fffff880171b7000 Limit fffff880171b1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`171b67a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171b68e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`171b69a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`171b6a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`171b6ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`171b6c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171b6c40) 0000001e`2256f568 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000001e`2256f570 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000001e`2256f810 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`2256f840 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003041300 Cid 0bdc.0914 Teb: 000007f6bc878000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa800367b740 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736876 Ticks: 4252 (0:00:01:06.331) Context Switch Count 13 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mswsock!SockAsyncThread (0x000007fef4645990) Stack Init fffff88017022dd0 Current fffff880170227a0 Base fffff88017023000 Limit fffff8801701d000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`170227e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17022920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`170229e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17022a90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`17022b20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`17022bd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17022c40) 0000001e`2266fa78 000007fe`f4645a19 ntdll!NtRemoveIoCompletion+0xa 0000001e`2266fa80 000007fe`f601167e mswsock!SockAsyncThread+0x8f 0000001e`2266fae0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`2266fb10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80033b1940 Cid 0bdc.0cfc Teb: 000007f6bc87a000 Win32Thread: 0000000000000000 WAIT: (Executive) UserMode Non-Alertable fffffa8003bbe118 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735637 Ticks: 5491 (0:00:01:25.660) Context Switch Count 23 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff88015964dd0 Current fffff880159647e0 Base fffff88015965000 Limit fffff8801595f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15964820 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15964960 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15964a20 fffff802`b3e257a4 nt!KeWaitForSingleObject+0x1cf fffff880`15964ab0 fffff802`b3e8418b nt!EtwpReceiveNotification+0x6c fffff880`15964b20 fffff802`b3b02d53 nt!NtTraceControl+0x337 fffff880`15964bd0 000007fe`f7ec459b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15964c40) 0000001e`225efa58 000007fe`f7f257f8 ntdll!NtTraceControl+0xa 0000001e`225efa60 000007fe`f601167e ntdll!EtwpNotificationThread+0x4c 0000001e`225efbc0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`225efbf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800418bb00 Cid 0bdc.0da4 Teb: 000007f6bc886000 Win32Thread: fffff90103f06640 WAIT: (UserRequest) UserMode Alertable fffffa8003065290 SynchronizationEvent IRP List: fffffa8002195c10: (0006,03e8) Flags: 00020870 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740256 Ticks: 872 (0:00:00:13.603) Context Switch Count 51 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address SHELL32!Windows::Internal::ComTaskPool::CThread::s_ThreadProc (0x000007fef66df4a0) Stack Init fffff8801731fdd0 Current fffff8801731f0f0 Base fffff88017320000 Limit fffff8801731a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`1731f130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1731f270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1731f330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`1731f3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`1731f470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1731f980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1731fbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1731fc40) 0000001e`2042f558 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 0000001e`2042f560 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 0000001e`2042f840 000007fe`f66df3e1 USER32!MsgWaitForMultipleObjectsEx+0x144 0000001e`2042f8f0 000007fe`f66df477 SHELL32!Windows::Internal::ComTaskPool::CThread::_ThreadProc+0x271 0000001e`2042fa00 000007fe`f66df4a9 SHELL32!Windows::Internal::ComTaskPool::CThread::s_ExecuteThreadProc+0x17 0000001e`2042fa30 000007fe`f601167e SHELL32!Windows::Internal::ComTaskPool::CThread::s_ThreadProc+0x9 0000001e`2042fa60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`2042fa90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003894b00 Cid 0bdc.0e40 Teb: 000007f6bc872000 Win32Thread: fffff90104252b90 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736965 Ticks: 4163 (0:00:01:04.943) Context Switch Count 67 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801759cdd0 Current fffff8801759c760 Base fffff8801759d000 Limit fffff88017597000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`1759c7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1759c8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1759c9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1759ca50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1759cae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1759cc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1759cc40) 0000001e`227ef888 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000001e`227ef890 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000001e`227efb30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`227efb60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020ca080 Cid 0bdc.0b98 Teb: 000007f6bc86e000 Win32Thread: fffff9010434ab90 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736965 Ticks: 4163 (0:00:01:04.943) Context Switch Count 42 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003063dd0 Current fffff88003063760 Base fffff88003064000 Limit fffff8800305e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`030637a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`030638e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`030639a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`03063a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`03063ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03063c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03063c40) 0000001e`228efad8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000001e`228efae0 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000001e`228efd80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`228efdb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800306a440 Cid 0bdc.0b30 Teb: 000007f6bc866000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736997 Ticks: 4131 (0:00:01:04.444) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003dfbdd0 Current fffff88003dfb760 Base fffff88003dfc000 Limit fffff88003df6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr Call Site fffff880`03dfb7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03dfb8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`03dfb9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`03dfba50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`03dfbae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03dfbc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dfbc40) 0000001e`22aef9e8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000001e`22aef9f0 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000001e`22aefc90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000001e`22aefcc0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8002d5d940 SessionId: 2 Cid: 0dd0 Peb: 7f6525bf000 ParentCid: 0d68 DirBase: 66377000 ObjectTable: fffff8a0068d5600 HandleCount: Image: browserchoice.exe VadRoot fffffa8003b45140 Vads 74 Clone 0 Private 301. Modified 1. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a002f828c0 ElapsedTime 00:15:21.299 UserTime 00:00:00.015 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 199688 QuotaPoolUsage[NonPagedPool] 9408 Working Set Sizes (now,min,max) (2142, 50, 345) (8568KB, 200KB, 1380KB) PeakWorkingSetSize 2189 VirtualSize 96 Mb PeakVirtualSize 99 Mb PageFaultCount 2368 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 495 Setting context for this process... .process /p /r fffffa8002d5d940 THREAD fffffa800414e080 Cid 0dd0.0ffc Teb: 000007f6525bd000 Win32Thread: fffff90103e94530 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b43b00 NotificationEvent fffffa800200e080 ProcessObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002d5d940 Image: browserchoice.exe Attached Process N/A Image: N/A Wait Start TickCount 15682371 Ticks: 58757 (0:00:15:16.615) Context Switch Count 173 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address browserchoice!WinMainCRTStartup (0x000007f652923adc) Stack Init fffff880172d6dd0 Current fffff880172d6180 Base fffff880172d7000 Limit fffff880172d1000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`172d61c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`172d6300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`172d63c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`172d6470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`172d6980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`172d6bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172d6c40) 0000002f`d1d8e108 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 0000002f`d1d8e110 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 0000002f`d1d8e3f0 000007f6`52922868 KERNEL32!WaitForMultipleObjects+0x12 0000002f`d1d8e430 000007f6`5292344a browserchoice!_LaunchWWAAndWait+0x17c 0000002f`d1d8f520 000007f6`52923a31 browserchoice!WinMain+0x23a 0000002f`d1d8f830 000007fe`f601167e browserchoice!SHIsCurrentAppElevated+0x3ad 0000002f`d1d8f8f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002f`d1d8f920 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001f76080 Cid 0dd0.07b4 Teb: 000007f6525b5000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d6e380 SynchronizationEvent fffffa8003e455b0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002d5d940 Image: browserchoice.exe Attached Process N/A Image: N/A Wait Start TickCount 15740007 Ticks: 1121 (0:00:00:17.487) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88015910dd0 Current fffff88015910180 Base fffff88015911000 Limit fffff8801590b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`159101c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15910300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`159103c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15910470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15910980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15910bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15910c40) 0000002f`d469f538 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 0000002f`d469f540 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 0000002f`d469f820 000007fe`f7ba9443 combase!WaitCoalesced+0x96 0000002f`d469fa70 000007fe`f7ba966e combase!CDllHost::MTAWorkerLoop+0x53 0000002f`d469fac0 000007fe`f7b32218 combase!CDllHost::WorkerThread+0x126 0000002f`d469fb00 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 0000002f`d469fd70 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 0000002f`d469fda0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002f`d469fdd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800418c9c0 Cid 0dd0.062c Teb: 000007f6525bb000 Win32Thread: fffff90103fbab90 WAIT: (WrQueue) UserMode Alertable fffffa8003075a80 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002d5d940 Image: browserchoice.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160c3dd0 Current fffff880160c3760 Base fffff880160c4000 Limit fffff880160be000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`160c37a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`160c38e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`160c39a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`160c3a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`160c3ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`160c3c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160c3c40) 0000002f`d451fba8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 0000002f`d451fbb0 000007fe`f601167e ntdll!TppWorkerThread+0x275 0000002f`d451fe50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 0000002f`d451fe80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa800200e080 SessionId: 2 Cid: 0478 Peb: 7f6893cf000 ParentCid: 0288 DirBase: 66cf7000 ObjectTable: fffff8a0029307c0 HandleCount: Image: WWAHost.exe VadRoot fffffa8003dcfe60 Vads 239 Clone 0 Private 3988. Modified 23634. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a00213b060 ElapsedTime 00:15:19.037 UserTime 00:00:00.218 KernelTime 00:00:00.031 QuotaPoolUsage[PagedPool] 414888 QuotaPoolUsage[NonPagedPool] 33936 Working Set Sizes (now,min,max) (11114, 50, 345) (44456KB, 200KB, 1380KB) PeakWorkingSetSize 14528 VirtualSize 230 Mb PeakVirtualSize 254 Mb PageFaultCount 42939 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 5574 Job fffffa80039a1060 Setting context for this process... .process /p /r fffffa800200e080 THREAD fffffa800362d500 Cid 0478.0254 Teb: 000007f6893cd000 Win32Thread: fffff90103f68b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa800415e640 NotificationEvent fffffa8001fa17c0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741023 Ticks: 105 (0:00:00:01.638) Context Switch Count 88 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address WWAHost!mainCRTStartup (0x000007f6894bb320) Stack Init fffff88017303dd0 Current fffff88017303180 Base fffff88017304000 Limit fffff880172fe000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`173031c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17303300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`173033c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17303470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17303980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17303bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17303c40) 00000068`4834f1c8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000068`4834f1d0 000007fe`e8a4caf8 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000068`4834f4b0 000007fe`e8a4c994 TWINAPI!Event::WaitWithFreeUnusedLibraries+0xb8 00000068`4834f720 000007f6`894bb7af TWINAPI!Windows::ApplicationModel::Core::CoreApplicationFactory::RunInternal+0x114 00000068`4834f780 000007f6`894bb5af WWAHost!Host::Run+0x1ad 00000068`4834f800 000007f6`894bb486 WWAHost!RunHost+0xe7 00000068`4834f830 000007fe`f601167e WWAHost!mainCRTStartup+0x19d 00000068`4834f890 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4834f8c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001f80b00 Cid 0478.03d4 Teb: 000007f6893c9000 Win32Thread: fffff90103fb6410 WAIT: (WrQueue) UserMode Alertable fffffa8003fc03c0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 68 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880151f7dd0 Current fffff880151f7760 Base fffff880151f8000 Limit fffff880151f2000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`151f77a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`151f78e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`151f79a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`151f7a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`151f7ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`151f7c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151f7c40) 00000068`49e9f9b8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000068`49e9f9c0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000068`49e9fc60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`49e9fc90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80036f5080 Cid 0478.0a14 Teb: 000007f6893c5000 Win32Thread: fffff90103fb8410 WAIT: (UserRequest) UserMode Alertable fffffa80027f9060 SynchronizationEvent fffffa80021a8940 NotificationEvent fffffa80041a7be0 SynchronizationTimer fffffa8001d2d380 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 16400 IdealProcessor: 0 UserTime 00:00:02.464 KernelTime 00:00:00.904 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88003c52dd0 Current fffff88003c52180 Base fffff88003c53000 Limit fffff88003c4d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03c521c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03c52300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`03c523c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`03c52470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`03c52980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`03c52bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03c52c40) 00000068`4b0aec98 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000068`4b0aeca0 000007fe`f56c1ce0 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000068`4b0aef80 000007fe`f2a81536 USER32!RealMsgWaitForMultipleObjectsEx+0x100 00000068`4b0af030 000007fe`f2a81636 DUser!CoreSC::DUIMsgWaitForMultipleObjectsEx+0x156 00000068`4b0af0e0 000007fe`f56c1311 DUser!MphMsgWaitForMultipleObjectsEx+0x6e 00000068`4b0af120 000007fe`f7b8bbd5 USER32!MsgWaitForMultipleObjectsEx+0x1ad 00000068`4b0af1d0 000007fe`f7b8ba8c combase!ASTAWaitContext::KernelWait+0x55 00000068`4b0af230 000007fe`f7b8bd09 combase!ASTAWaitContext::Wait+0x21c 00000068`4b0af4d0 000007fe`e9dc1154 combase!CoMsgWaitInProcessEvents+0xb9 00000068`4b0af530 000007f6`894b2904 windows_ui!Windows::UI::Core::CDispatcher::ProcessEvents+0x82 [d:\w8rtm\windows\advcore\winrt\iwindow\corewindow\dispatcher.cpp @ 181] 00000068`4b0af5f0 000007f6`894b284e WWAHost!CoreWindowDispatcher::RunMessageLoop+0x7b 00000068`4b0af630 000007fe`e8a517ac WWAHost!WebInstance::Run+0x64 00000068`4b0af670 000007fe`e8a518be TWINAPI!Windows::ApplicationModel::Core::CoreApplicationView::Run+0x30 00000068`4b0af6a0 000007fe`f2ef410c TWINAPI!Microsoft::WRL::Details::CreateActivationFactory+0x35e 00000068`4b0af6f0 000007fe`f601167e shcore!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000068`4b0af7e0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4b0af810 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80032b3080 Cid 0478.0440 Teb: 000007f68929c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037ec920 NotificationEvent fffffa8001f990f0 NotificationEvent fffffa800219d550 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682350 Ticks: 58778 (0:00:15:16.942) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mrmcorer!Windows::ApplicationModel::Resources::Core::LanguageChangeNotifiyThreadProc (0x000007feeeb8dcfc) Stack Init fffff88015f17dd0 Current fffff88015f17180 Base fffff88015f18000 Limit fffff88015f12000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15f171c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15f17300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`15f173c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15f17470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15f17980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15f17bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f17c40) 00000068`4beaf328 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000068`4beaf330 000007fe`f7b69bc8 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000068`4beaf610 000007fe`f7b69b62 combase!DefaultWaitForHandles+0x44 00000068`4beaf650 000007fe`eeb8def4 combase!CoWaitForMultipleHandles+0xda 00000068`4beaf690 000007fe`f601167e mrmcorer!Windows::ApplicationModel::Resources::Core::LanguageChangeNotifiyThreadProc+0x21d 00000068`4beaf790 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4beaf7c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002e66500 Cid 0478.0250 Teb: 000007f689298000 Win32Thread: fffff90103fb6b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80040e0600 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682350 Ticks: 58778 (0:00:15:16.942) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address MSHTML!CIndependentHitTestManager::s_IndependentHitTestThreadProc (0x000007fee3987d10) Stack Init fffff88017133dd0 Current fffff880171335f0 Base fffff88017134000 Limit fffff8801712e000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`17133630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17133770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17133830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`171338c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`17133970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`17133a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`17133a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`17133bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`17133c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17133c40) 00000068`4c0bfe78 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000068`4c0bfe80 000007fe`e399811a USER32!GetMessageW+0x25 00000068`4c0bfeb0 000007fe`f601167e MSHTML!CIndependentHitTestManager::IndependentHitTestThreadProc+0xaa 00000068`4c0bff10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4c0bff40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003bd9080 Cid 0478.04d4 Teb: 000007f689296000 Win32Thread: fffff90103fba710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800269f430 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15702012 Ticks: 39116 (0:00:10:10.213) Context Switch Count 1108 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address MSHTML!CExecFT::StaticThreadProc (0x000007fee397b0c0) Stack Init fffff880161b1dd0 Current fffff880161b1900 Base fffff880161b2000 Limit fffff880161ac000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`161b1940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`161b1a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`161b1b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`161b1bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`161b1c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161b1c40) 00000068`4c5bfaa8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000068`4c5bfab0 000007fe`e34e4a26 KERNELBASE!WaitForSingleObjectEx+0x92 00000068`4c5bfb50 000007fe`e398e492 MSHTML!CTimerMan::ThreadExec+0x12b 00000068`4c5bfba0 000007fe`f601167e MSHTML!CExecFT::ThreadProc+0x4e 00000068`4c5bfbd0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4c5bfc00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e1c600 Cid 0478.0f34 Teb: 000007f689294000 Win32Thread: fffff90103fb8b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e131a0 SynchronizationEvent fffffa8003b489d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15701923 Ticks: 39205 (0:00:10:11.601) Context Switch Count 2681 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.062 Win32 Start Address MSHTML!CVSyncProvider::RunThread (0x000007fee399ae74) Stack Init fffff88017445dd0 Current fffff88017445180 Base fffff88017446000 Limit fffff88017440000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`174451c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17445300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`174453c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17445470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17445980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17445bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17445c40) 00000068`4c6cf688 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000068`4c6cf690 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000068`4c6cf970 000007fe`e37c7baa KERNEL32!WaitForMultipleObjects+0x12 00000068`4c6cf9b0 000007fe`e399ae9a MSHTML!CVSyncProvider::Run+0x205 00000068`4c6cfc20 000007fe`f601167e MSHTML!CVSyncProvider::RunThread+0x26 00000068`4c6cfc50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4c6cfc80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8004016080 Cid 0478.0c0c Teb: 000007f689292000 Win32Thread: fffff90103fa1410 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001f06e00 SynchronizationEvent fffffa80018a3900 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15721169 Ticks: 19959 (0:00:05:11.362) Context Switch Count 78 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address MSHTML!CExecFT::StaticThreadProc (0x000007fee397b0c0) Stack Init fffff88017587dd0 Current fffff88017587180 Base fffff88017588000 Limit fffff88017582000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`175871c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17587300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`175873c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17587470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17587980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17587bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17587c40) 00000068`4c82f688 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000068`4c82f690 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000068`4c82f970 000007fe`f7b6943b USER32!MsgWaitForMultipleObjectsEx+0x144 00000068`4c82fa20 000007fe`f7b69d4a combase!CCliModalLoop::BlockFn+0x12f 00000068`4c82fad0 000007fe`f7b69b62 combase!ClassicSTAThreadWaitForHandles+0x106 00000068`4c82fbe0 000007fe`e37d3420 combase!CoWaitForMultipleHandles+0xda 00000068`4c82fc20 000007fe`e398e492 MSHTML!CDwnTaskExec::ThreadExec+0x163 00000068`4c82fc60 000007fe`f601167e MSHTML!CExecFT::ThreadProc+0x4e 00000068`4c82fc90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4c82fcc0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d83700 Cid 0478.013c Teb: 000007f689290000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040b8620 SynchronizationEvent fffffa80041735c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682797 Ticks: 58331 (0:00:15:09.969) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015933dd0 Current fffff88015933180 Base fffff88015934000 Limit fffff8801592e000 Call 0 Priority 10 BasePriority 7 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`159331c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15933300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`159333c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15933470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15933980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15933bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15933c40) 00000068`4d0df4f8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000068`4d0df500 000007fe`e69c1b8c KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000068`4d0df7e0 000007fe`e6b1acb8 jscript9!Recycler::ThreadProc+0xfc 00000068`4d0df890 000007fe`f782707b jscript9!Recycler::StaticThreadProc+0x18 00000068`4d0df8e0 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000068`4d0df910 000007fe`f601167e msvcrt!endthreadex+0xac 00000068`4d0df940 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4d0df970 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e56880 Cid 0478.0130 Teb: 000007f68928e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800384cca0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682789 Ticks: 58339 (0:00:15:10.094) Context Switch Count 29 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8800302edd0 Current fffff8800302e900 Base fffff8800302f000 Limit fffff88003029000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`0302e940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`0302ea80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`0302eb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`0302ebd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`0302ec40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0302ec40) 00000068`4d1ffc18 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000068`4d1ffc20 000007fe`e69c2356 KERNELBASE!WaitForSingleObjectEx+0x92 00000068`4d1ffcc0 000007fe`e69c23f2 jscript9!Event::Wait+0x16 00000068`4d1ffcf0 000007fe`e6b1221e jscript9!JsUtil::BackgroundJobProcessor::Run+0x172 00000068`4d1ffd40 000007fe`f782707b jscript9!JsUtil::BackgroundJobProcessor::StaticThreadProc+0x4e 00000068`4d1ffd90 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000068`4d1ffdc0 000007fe`f601167e msvcrt!endthreadex+0xac 00000068`4d1ffdf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4d1ffe20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002cd7b00 Cid 0478.0bf8 Teb: 000007f68928c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800398f290 SynchronizationEvent fffffa8003daf2f0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740250 Ticks: 878 (0:00:00:13.696) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88002fb2dd0 Current fffff88002fb2180 Base fffff88002fb3000 Limit fffff88002fad000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02fb21c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02fb2300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02fb23c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`02fb2470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`02fb2980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`02fb2bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`02fb2c40) 00000068`4d8bf0b8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000068`4d8bf0c0 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000068`4d8bf3a0 000007fe`f7ba9443 combase!WaitCoalesced+0x96 00000068`4d8bf5f0 000007fe`f7ba966e combase!CDllHost::MTAWorkerLoop+0x53 00000068`4d8bf640 000007fe`f7b32218 combase!CDllHost::WorkerThread+0x126 00000068`4d8bf680 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 00000068`4d8bf8f0 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 00000068`4d8bf920 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4d8bf950 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d9a280 Cid 0478.0c74 Teb: 000007f689286000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80027725f0 NotificationEvent IRP List: fffffa8002c9c670: (0006,01f0) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736465 Ticks: 4663 (0:00:01:12.743) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff8801728fdd0 Current fffff8801728f900 Base fffff88017290000 Limit fffff8801728a000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1728f940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1728fa80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1728fb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`1728fbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`1728fc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1728fc40) 00000068`5016f0c8 000007fe`f4641d19 ntdll!NtWaitForSingleObject+0xa 00000068`5016f0d0 000007fe`f46481b2 mswsock!SockWaitForSingleObject+0x139 00000068`5016f150 000007fe`f5b82e8d mswsock!WSPSelect+0x4f5 00000068`5016f2f0 000007fe`f59e008b WS2_32!select+0x185 00000068`5016f3e0 000007fe`f601167e WININET!ICAsyncThread::SelectThread+0x1fb 00000068`5016fad0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`5016fb00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80030692c0 Cid 0478.0ea8 Teb: 000007f689282000 Win32Thread: fffff90103f78b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003da4c80 SynchronizationEvent fffffa8003da24e0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15721169 Ticks: 19959 (0:00:05:11.362) Context Switch Count 34 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address MSHTML!CExecFT::StaticThreadProc (0x000007fee397b0c0) Stack Init fffff88015895dd0 Current fffff88015895180 Base fffff88015896000 Limit fffff88015890000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`158951c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15895300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`158953c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15895470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15895980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15895bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15895c40) 00000068`4feef288 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000068`4feef290 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000068`4feef570 000007fe`f7b6943b USER32!MsgWaitForMultipleObjectsEx+0x144 00000068`4feef620 000007fe`f7b69d4a combase!CCliModalLoop::BlockFn+0x12f 00000068`4feef6d0 000007fe`f7b69b62 combase!ClassicSTAThreadWaitForHandles+0x106 00000068`4feef7e0 000007fe`e37d3420 combase!CoWaitForMultipleHandles+0xda 00000068`4feef820 000007fe`e398e492 MSHTML!CDwnTaskExec::ThreadExec+0x163 00000068`4feef860 000007fe`f601167e MSHTML!CExecFT::ThreadProc+0x4e 00000068`4feef890 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4feef8c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001ed3080 Cid 0478.081c Teb: 000007f68929e000 Win32Thread: fffff9010065c780 WAIT: (UserRequest) UserMode Non-Alertable fffffa800204c830 SynchronizationEvent fffffa800263b770 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15685914 Ticks: 55214 (0:00:14:21.343) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8801715ddd0 Current fffff8801715d180 Base fffff8801715e000 Limit fffff88017158000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1715d1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1715d300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1715d3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1715d470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1715d980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1715dbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1715dc40) 00000068`4e10f208 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000068`4e10f210 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000068`4e10f4f0 000007fe`f2aa160b USER32!MsgWaitForMultipleObjectsEx+0x144 00000068`4e10f5a0 000007fe`f2aa15db DUser!CoreSC::xwProcessNL+0x5bb 00000068`4e10f670 000007fe`f2aa14fe DUser!GetMessageExA+0x6b 00000068`4e10f6c0 000007fe`f782707b DUser!ResourceManager::SharedThreadProc+0xfe 00000068`4e10f750 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000068`4e10f780 000007fe`f601167e msvcrt!endthreadex+0xac 00000068`4e10f7b0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4e10f7e0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80038e8080 Cid 0478.0a08 Teb: 000007f68928a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001eef1c0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15685914 Ticks: 55214 (0:00:14:21.343) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174bcdd0 Current fffff880174bc760 Base fffff880174bd000 Limit fffff880174b7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`174bc7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174bc8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`174bc9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`174bca50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`174bcae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`174bcc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174bcc40) 00000068`4faffcb8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000068`4faffcc0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000068`4fafff60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4fafff90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002179080 Cid 0478.0180 Teb: 000007f6893cb000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003fc03c0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017164dd0 Current fffff88017164760 Base fffff88017165000 Limit fffff8801715f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`171647a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171648e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`171649a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17164a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17164ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17164c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17164c40) 00000068`4864fc88 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000068`4864fc90 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000068`4864ff30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000068`4864ff60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8002cc2940 SessionId: 2 Cid: 03e4 Peb: 7f75e65c000 ParentCid: 0288 DirBase: 53f43000 ObjectTable: fffff8a006b98400 HandleCount: Image: RuntimeBroker.exe VadRoot fffffa80036e7a20 Vads 134 Clone 0 Private 643. Modified 34. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a00316a670 ElapsedTime 00:15:16.744 UserTime 00:00:00.093 KernelTime 00:00:00.078 QuotaPoolUsage[PagedPool] 255848 QuotaPoolUsage[NonPagedPool] 17136 Working Set Sizes (now,min,max) (4049, 50, 345) (16196KB, 200KB, 1380KB) PeakWorkingSetSize 4202 VirtualSize 121 Mb PeakVirtualSize 140 Mb PageFaultCount 5826 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 985 Setting context for this process... .process /p /r fffffa8002cc2940 THREAD fffffa8001d15900 Cid 03e4.0188 Teb: 000007f75e65e000 Win32Thread: fffff90103fa1b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003036fe0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15740064 Ticks: 1064 (0:00:00:16.598) Context Switch Count 45 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address RuntimeBroker!wWinMainCRTStartup (0x000007f75ed537d0) Stack Init fffff880159fcdd0 Current fffff880159fc900 Base fffff880159fd000 Limit fffff880159f7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`159fc940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`159fca80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`159fcb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`159fcbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`159fcc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`159fcc40) 000000bd`3a4cf628 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 000000bd`3a4cf630 000007f7`5ed52b4b KERNELBASE!WaitForSingleObjectEx+0x92 000000bd`3a4cf6d0 000007f7`5ed5372e RuntimeBroker!wWinMain+0x227 000000bd`3a4cf740 000007fe`f601167e RuntimeBroker!ProcessToken::GetStringSelfSid+0x46e 000000bd`3a4cf800 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000bd`3a4cf830 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80033e2980 Cid 03e4.0e78 Teb: 000007f75e52a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003954900 SynchronizationEvent fffffa8001c9b060 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15740436 Ticks: 692 (0:00:00:10.795) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88003008dd0 Current fffff88003008180 Base fffff88003009000 Limit fffff88003003000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`030081c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03008300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`030083c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`03008470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`03008980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`03008bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03008c40) 000000bd`3c4af078 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000bd`3c4af080 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000bd`3c4af360 000007fe`f7ba9443 combase!WaitCoalesced+0x96 000000bd`3c4af5b0 000007fe`f7ba966e combase!CDllHost::MTAWorkerLoop+0x53 000000bd`3c4af600 000007fe`f7b32218 combase!CDllHost::WorkerThread+0x126 000000bd`3c4af640 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 000000bd`3c4af8b0 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 000000bd`3c4af8e0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000bd`3c4af910 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003fb0080 Cid 03e4.0880 Teb: 000007f75e528000 Win32Thread: fffff90100648b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80027a8940 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15740565 Ticks: 563 (0:00:00:08.782) Context Switch Count 161 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff8800300fdd0 Current fffff8800300f5f0 Base fffff88003010000 Limit fffff8800300a000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`0300f630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`0300f770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`0300f830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`0300f8c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`0300f970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`0300fa40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`0300fa90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`0300fbb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`0300fc40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0300fc40) 000000bd`3c53f668 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 000000bd`3c53f670 000007fe`f7ba9f50 USER32!GetMessageW+0x25 000000bd`3c53f6a0 000007fe`f7b74d49 combase!CDllHost::STAWorkerLoop+0x54 000000bd`3c53f710 000007fe`f7b32218 combase!CDllHost::WorkerThread+0xc1 000000bd`3c53f750 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 000000bd`3c53f9c0 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 000000bd`3c53f9f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000bd`3c53fa20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f63080 Cid 03e4.0d74 Teb: 000007f75e658000 Win32Thread: fffff9010434a010 WAIT: (WrQueue) UserMode Alertable fffffa80021b8380 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 265 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017572dd0 Current fffff88017572760 Base fffff88017573000 Limit fffff8801756d000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`175727a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175728e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`175729a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17572a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17572ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17572c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17572c40) 000000bd`3a7df8e8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000bd`3a7df8f0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000bd`3a7dfb90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000bd`3a7dfbc0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e07080 Cid 03e4.0ac0 Teb: 000007f75e654000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036f84a0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15739847 Ticks: 1281 (0:00:00:19.983) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017347dd0 Current fffff880173470f0 Base fffff88017348000 Limit fffff88017342000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`17347130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17347270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17347330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`173473c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`17347470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17347980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17347bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17347c40) 000000bd`3d3af658 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000bd`3d3af660 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000bd`3d3af940 000007fe`f7b31a03 combase!WaitCoalesced+0x96 000000bd`3d3afb90 000007fe`f7b32218 combase!CROIDTable::WorkerThreadLoop+0x63 000000bd`3d3afbe0 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 000000bd`3d3afe50 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 000000bd`3d3afe80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000bd`3d3afeb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018af080 Cid 03e4.09f0 Teb: 000007f75e52e000 Win32Thread: fffff9010419a010 WAIT: (WrQueue) UserMode Alertable fffffa80021b8380 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15739847 Ticks: 1281 (0:00:00:19.983) Context Switch Count 226 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880175ccdd0 Current fffff880175cc760 Base fffff880175cd000 Limit fffff880175c7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`175cc7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175cc8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`175cc9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`175cca50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`175ccae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`175ccc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175ccc40) 000000bd`3d66f768 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000bd`3d66f770 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000bd`3d66fa10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000bd`3d66fa40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003faf580 Cid 03e4.073c Teb: 000007f75e52c000 Win32Thread: fffff90104118010 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003b97990 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15736411 Ticks: 4717 (0:00:01:13.585) Context Switch Count 92 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.031 Win32 Start Address SHELL32!Windows::Internal::ComTaskPool::CThread::s_ThreadProc (0x000007fef66df4a0) Stack Init fffff88015e53dd0 Current fffff88015e535f0 Base fffff88015e54000 Limit fffff88015e4e000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15e53630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e53770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15e53830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`15e538c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`15e53970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`15e53a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`15e53a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`15e53bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`15e53c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e53c40) 000000bd`3d6efcc8 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 000000bd`3d6efcd0 000007fe`f66df2d5 USER32!GetMessageW+0x25 000000bd`3d6efd00 000007fe`f66df477 SHELL32!Windows::Internal::ComTaskPool::CThread::_ThreadProc+0x165 000000bd`3d6efe10 000007fe`f66df4a9 SHELL32!Windows::Internal::ComTaskPool::CThread::s_ExecuteThreadProc+0x17 000000bd`3d6efe40 000007fe`f601167e SHELL32!Windows::Internal::ComTaskPool::CThread::s_ThreadProc+0x9 000000bd`3d6efe70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000bd`3d6efea0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8002cb2940 SessionId: 2 Cid: 0c80 Peb: 7f6c41dd000 ParentCid: 0288 DeepFreeze DirBase: 2ef45000 ObjectTable: fffff8a002f215c0 HandleCount: Image: iexplore.exe VadRoot fffffa8001db41a0 Vads 277 Clone 0 Private 2247. Modified 3165. Locked 176. DeviceMap fffff8a000290b20 Token fffff8a0006b38c0 ElapsedTime 00:15:05.509 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 428480 QuotaPoolUsage[NonPagedPool] 39952 Working Set Sizes (now,min,max) (39219, 50, 345) (156876KB, 200KB, 1380KB) PeakWorkingSetSize 41317 VirtualSize 210 Mb PeakVirtualSize 219 Mb PageFaultCount 47799 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2314 Job fffffa80033d9060 Setting context for this process... .process /p /r fffffa8002cb2940 THREAD fffffa8001e4eb00 Cid 0c80.0514 Teb: 000007f6c41de000 Win32Thread: fffff901000e5b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e4ede0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 7283 IdealProcessor: 0 UserTime 00:00:00.202 KernelTime 00:00:00.296 Win32 Start Address iexplore!wWinMainCRTStartup (0x000007f6c49b1b00) Stack Init fffff880155f8dd0 Current fffff880155f8740 Base fffff880155f9000 Limit fffff880155f3000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`155f8780 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`155f88c0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`155f8980 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`155f8a10 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`155f8a70 fffff802`b3aabfb3 nt!KiDeliverApc+0x1f0 fffff880`155f8af0 fffff802`b3ec1a38 nt!KiCheckForKernelApcDelivery+0x23 fffff880`155f8b20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0x1e8 fffff880`155f8bd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155f8c40) 00000021`8c33cef8 000007fe`f5bf07f8 ntdll!NtAlpcSendWaitReceivePort+0xa 00000021`8c33cf00 000007fe`f5bf051a RPCRT4!LRPC_SCALL::AsyncSend+0xf8 00000021`8c33cfa0 000007fe`f7b68590 RPCRT4!I_RpcSend+0x52 00000021`8c33cfd0 000007fe`f56c171e combase!ThreadWndProc+0x34a 00000021`8c33d0b0 000007fe`f56c14d7 user32!UserCallWinProcCheckWow+0x13a 00000021`8c33d170 000007fe`e499d7f5 user32!DispatchMessageWorker+0x1a7 00000021`8c33d1f0 000007fe`e47cb30b IEFRAME!CBrowserFrame::FrameMessagePump+0x3ec 00000021`8c33d2e0 000007fe`e47cb50e IEFRAME!BrowserThreadProc+0x1ee 00000021`8c33e430 000007fe`e47cc64f IEFRAME!BrowserNewThreadProc+0xbe 00000021`8c33e480 000007fe`e47cc422 IEFRAME!SHOpenFolderWindow+0xe6 00000021`8c33f530 000007fe`e47cc143 IEFRAME!IEWinMain+0x212 00000021`8c33f7b0 000007fe`e48a521a IEFRAME!LCIEStartAsFrame+0x4bb 00000021`8c33f860 000007f6`c49b1ed2 IEFRAME!ImmersiveFrameProcess+0x3a 00000021`8c33f890 000007f6`c49b1027 iexplore!wWinMain+0x631 00000021`8c33fbe0 000007fe`f601167e iexplore!_imp_load_WaitForInputIdle+0x2ee 00000021`8c33fca0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8c33fcd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800219c080 Cid 0c80.0d88 Teb: 000007f6c41db000 Win32Thread: fffff90103f206e0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800219c360 NotificationEvent Waiting for reply to ALPC Message fffff8a0018c8030 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 6167 IdealProcessor: 0 UserTime 00:00:00.156 KernelTime 00:00:00.109 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801548ddd0 Current fffff8801548d430 Base fffff8801548e000 Limit fffff88015488000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1548d470 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1548d5b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1548d670 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`1548d700 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`1548d760 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`1548d7e0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`1548d8a0 fffff802`b3af1a0a nt!KeWaitForSingleObject+0x1cf fffff880`1548d930 fffff802`b3ebbbd6 nt!AlpcpSignalAndWait+0x34a fffff880`1548d9e0 fffff802`b3ebb762 nt!AlpcpReceiveSynchronousReply+0x46 fffff880`1548da40 fffff802`b3ec19c2 nt!AlpcpProcessSynchronousRequest+0x350 fffff880`1548db20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0x172 fffff880`1548dbd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1548dc40) 00000021`8e0beeb8 000007fe`f5be493f ntdll!NtAlpcSendWaitReceivePort+0xa 00000021`8e0beec0 000007fe`f5be47c6 RPCRT4!LRPC_BASE_CCALL::DoSendReceive+0xef 00000021`8e0bef70 000007fe`f5cf6df2 RPCRT4!LRPC_BASE_CCALL::SendReceive+0x36 00000021`8e0befb0 000007fe`f5cf7d09 RPCRT4!NdrpClientCall3+0x725 00000021`8e0bf300 000007fe`e8a61b63 RPCRT4!NdrClientCall3+0xed 00000021`8e0bf690 000007fe`f7ee3e4d twinapi!PsmpHandleQuiesceRequest+0x87 00000021`8e0bf6e0 000007fe`f7ec85c6 ntdll!TppExecuteWaitCallback+0x151 00000021`8e0bf750 000007fe`f601167e ntdll!TppWorkerThread+0x388 00000021`8e0bf9f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8e0bfa20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c41080 Cid 0c80.056c Teb: 000007f6c41d9000 Win32Thread: fffff90103fc23d0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001c41360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 512 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address iertutil!IsoManagerThreadNonzero_WindowsPump (0x000007fef61831f0) Stack Init fffff88015520dd0 Current fffff8801551fec0 Base fffff88015521000 Limit fffff8801551b000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1551ff00 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15520040 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15520100 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`15520190 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`155201f0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`15520270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`15520330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`155203c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`15520470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15520980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15520bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15520c40) 00000021`8ecdf9b8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000021`8ecdf9c0 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000021`8ecdfca0 000007fe`f6172479 user32!MsgWaitForMultipleObjectsEx+0x144 00000021`8ecdfd50 000007fe`f61832bd iertutil!IsoThreadWindowsPumpInit+0x35c 00000021`8ecdfe10 000007fe`f601167e iertutil!IsoManagerThreadNonzero_WindowsPump+0xcd 00000021`8ecdfe90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8ecdfec0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80036922c0 Cid 0c80.0ec8 Teb: 000007f6c41d7000 Win32Thread: fffff90103f68710 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80036925a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEFRAME!MTAThread (0x000007fee47c2b10) Stack Init fffff88015573dd0 Current fffff88015572f50 Base fffff88015574000 Limit fffff8801556e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15572f90 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`155730d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15573190 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`15573220 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`15573280 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`15573300 fffff802`b3b293cd nt!KiCommitThreadWait+0x4b0 fffff880`155733c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15573470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15573980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15573bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15573c40) 00000021`8edef4b8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000021`8edef4c0 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000021`8edef7a0 000007fe`e47c2b91 KERNEL32!WaitForMultipleObjects+0x12 00000021`8edef7e0 000007fe`f601167e IEFRAME!MTAThread+0x82 00000021`8edef840 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8edef870 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002ccf200 Cid 0c80.0fdc Teb: 000007f6c41d5000 Win32Thread: fffff901006166f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002ccf4e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 617 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880171c4dd0 Current fffff880171c4530 Base fffff880171c5000 Limit fffff880171bf000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`171c4570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171c46b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`171c4770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`171c4800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`171c4860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`171c48e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`171c49a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`171c4a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`171c4ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`171c4c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171c4c40) 00000021`8eeefa68 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000021`8eeefa70 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000021`8eeefd10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8eeefd40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002cee240 Cid 0c80.0fa8 Teb: 000007f6c41d3000 Win32Thread: fffff90103fa79f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002cee520 NotificationEvent IRP List: fffffa80041587b0: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 529 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155ffdd0 Current fffff880155ff530 Base fffff88015600000 Limit fffff880155fa000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`155ff570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`155ff6b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`155ff770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`155ff800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`155ff860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`155ff8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`155ff9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`155ffa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`155ffae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`155ffc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155ffc40) 00000021`8efef848 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000021`8efef850 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000021`8efefaf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8efefb20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002cba240 Cid 0c80.0370 Teb: 000007f6c40ae000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002cba520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88015806dd0 Current fffff88015805ec0 Base fffff88015807000 Limit fffff88015801000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15805f00 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15806040 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15806100 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`15806190 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`158061f0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`15806270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`15806330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`158063c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`15806470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15806980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15806bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15806c40) 00000021`8f0ef218 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000021`8f0ef220 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000021`8f0ef500 000007fe`f7b31a03 combase!WaitCoalesced+0x96 00000021`8f0ef750 000007fe`f7b32218 combase!CROIDTable::WorkerThreadLoop+0x63 00000021`8f0ef7a0 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 00000021`8f0efa10 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 00000021`8f0efa40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8f0efa70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002cb9200 Cid 0c80.0f58 Teb: 000007f6c40aa000 Win32Thread: fffff901000e0580 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002cb94e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 23 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address iertutil!LCIEIsComponentSharedFlagValueSet_FromComponentThread (0x000007fef61831b0) Stack Init fffff88015814dd0 Current fffff88015813ec0 Base fffff88015815000 Limit fffff8801580f000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15813f00 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15814040 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15814100 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`15814190 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`158141f0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`15814270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`15814330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`158143c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`15814470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15814980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15814bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15814c40) 00000021`8f38f588 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000021`8f38f590 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000021`8f38f870 000007fe`f6172479 user32!MsgWaitForMultipleObjectsEx+0x144 00000021`8f38f920 000007fe`f6183be2 iertutil!IsoThreadWindowsPumpInit+0x35c 00000021`8f38f9e0 000007fe`f61831bf iertutil!IsoThreadWindowsPump+0x12 00000021`8f38fa10 000007fe`f601167e iertutil!LCIEIsComponentSharedFlagValueSet_FromComponentThread+0x6f 00000021`8f38fa40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8f38fa70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002caa080 Cid 0c80.0e64 Teb: 000007f6c40a8000 Win32Thread: fffff9010060b010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002caa360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEFRAME!MTACoreApplicationThread (0x000007fee48a5f70) Stack Init fffff88015822dd0 Current fffff88015821f50 Base fffff88015823000 Limit fffff8801581d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15821f90 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158220d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15822190 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`15822220 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`15822280 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`15822300 fffff802`b3b293cd nt!KiCommitThreadWait+0x4b0 fffff880`158223c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15822470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15822980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15822bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15822c40) 00000021`8f48f488 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000021`8f48f490 000007fe`e8a4caf8 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000021`8f48f770 000007fe`e8a4c994 twinapi!Event::WaitWithFreeUnusedLibraries+0xb8 00000021`8f48f9e0 000007fe`e48a5fd1 twinapi!Windows::ApplicationModel::Core::CoreApplicationFactory::RunInternal+0x114 00000021`8f48fa40 000007fe`f601167e IEFRAME!MTACoreApplicationThread+0x61 00000021`8f48fa70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8f48faa0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800363c080 Cid 0c80.0038 Teb: 000007f6c40a6000 Win32Thread: fffff9010060b580 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800363c360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 39 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801581bdd0 Current fffff8801581af50 Base fffff8801581c000 Limit fffff88015816000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1581af90 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1581b0d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1581b190 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`1581b220 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`1581b280 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`1581b300 fffff802`b3b293cd nt!KiCommitThreadWait+0x4b0 fffff880`1581b3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1581b470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1581b980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1581bbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1581bc40) 00000021`8f68f128 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000021`8f68f130 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000021`8f68f410 000007fe`f7b8bbd5 user32!MsgWaitForMultipleObjectsEx+0x144 00000021`8f68f4c0 000007fe`f7b8ba8c combase!ASTAWaitContext::KernelWait+0x55 00000021`8f68f520 000007fe`f7b8c2cd combase!ASTAWaitContext::Wait+0x21c 00000021`8f68f7c0 000007fe`f7b8c1e1 combase!ASTAWaitInNewContext+0xc5 00000021`8f68f8b0 000007fe`f7b69b62 combase!ASTAThreadWaitForHandles+0x71 00000021`8f68f920 000007fe`e48a6b4c combase!CoWaitForMultipleHandles+0xda 00000021`8f68f960 000007fe`e48a6a9c IEFRAME!IMMessageDispatcher::RunMessageLoop+0xa0 00000021`8f68f9b0 000007fe`e8a517ac IEFRAME!CIMFrameworkView::Run+0x10 00000021`8f68f9e0 000007fe`e8a518be twinapi!Windows::ApplicationModel::Core::CoreApplicationView::Run+0x30 00000021`8f68fa10 000007fe`f2ef410c twinapi!Microsoft::WRL::Details::CreateActivationFactory+0x35e 00000021`8f68fa60 000007fe`f601167e shcore!COplockFileHandle::v_GetHandlerCLSID+0x12c 00000021`8f68fb50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8f68fb80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018bc240 Cid 0c80.0f50 Teb: 000007f6c40a4000 Win32Thread: fffff901006135f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80018bc520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 133 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801589cdd0 Current fffff8801589c530 Base fffff8801589d000 Limit fffff88015897000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1589c570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1589c6b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1589c770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`1589c800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`1589c860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`1589c8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`1589c9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1589ca50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1589cae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1589cc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1589cc40) 00000021`8f8bf9a8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000021`8f8bf9b0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000021`8f8bfc50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8f8bfc80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003610080 Cid 0c80.0e54 Teb: 000007f6c40a2000 Win32Thread: fffff90103fc29f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003610360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff880158aadd0 Current fffff880158a9f50 Base fffff880158ab000 Limit fffff880158a5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`158a9f90 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158aa0d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`158aa190 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`158aa220 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`158aa280 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`158aa300 fffff802`b3b293cd nt!KiCommitThreadWait+0x4b0 fffff880`158aa3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`158aa470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`158aa980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`158aabd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158aac40) 00000021`8f9bf498 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000021`8f9bf4a0 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000021`8f9bf780 000007fe`e68d106f user32!MsgWaitForMultipleObjectsEx+0x144 00000021`8f9bf830 000007fe`e68d84a6 IEUI!CoreSC::Wait+0x5f 00000021`8f9bf880 000007fe`e68d869e IEUI!CoreSC::xwProcessNL+0xe4 00000021`8f9bf8f0 000007fe`e68d85c5 IEUI!GetMessageExA+0x7b 00000021`8f9bf940 000007fe`f782707b IEUI!ResourceManager::SharedThreadProc+0xe9 00000021`8f9bf9d0 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000021`8f9bfa00 000007fe`f601167e msvcrt!endthreadex+0xac 00000021`8f9bfa30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8f9bfa60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002db7900 Cid 0c80.0c9c Teb: 000007f6c40a0000 Win32Thread: fffff901006ab680 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002db7be0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 473 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158b1dd0 Current fffff880158b1530 Base fffff880158b2000 Limit fffff880158ac000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`158b1570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158b16b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`158b1770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`158b1800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`158b1860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`158b18e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`158b19a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`158b1a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`158b1ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`158b1c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158b1c40) 00000021`8fabf558 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000021`8fabf560 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000021`8fabf800 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8fabf830 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800210a780 Cid 0c80.0650 Teb: 000007f6c409a000 Win32Thread: fffff901006bb010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800210aa60 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 3877 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158a3dd0 Current fffff880158a3530 Base fffff880158a4000 Limit fffff8801589e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`158a3570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158a36b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`158a3770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`158a3800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`158a3860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`158a38e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`158a39a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`158a3a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`158a3ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`158a3c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158a3c40) 00000021`8fdbf948 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000021`8fdbf950 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000021`8fdbfbf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8fdbfc20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d65240 Cid 0c80.0f40 Teb: 000007f6c4098000 Win32Thread: fffff901000d4010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d65520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 122 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address iertutil!LCIEIsComponentSharedFlagValueSet_FromComponentThread (0x000007fef61831b0) Stack Init fffff880158c6dd0 Current fffff880158c5ec0 Base fffff880158c7000 Limit fffff880158c1000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`158c5f00 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158c6040 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`158c6100 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`158c6190 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`158c61f0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`158c6270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`158c6330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`158c63c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`158c6470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`158c6980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`158c6bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158c6c40) 00000021`8febf9f8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000021`8febfa00 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000021`8febfce0 000007fe`f6172479 user32!MsgWaitForMultipleObjectsEx+0x144 00000021`8febfd90 000007fe`f6183be2 iertutil!IsoThreadWindowsPumpInit+0x35c 00000021`8febfe50 000007fe`f61831bf iertutil!IsoThreadWindowsPump+0x12 00000021`8febfe80 000007fe`f601167e iertutil!LCIEIsComponentSharedFlagValueSet_FromComponentThread+0x6f 00000021`8febfeb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`8febfee0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d52200 Cid 0c80.0ad8 Teb: 000007f6c4094000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d524e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 20 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158cddd0 Current fffff880158cd530 Base fffff880158ce000 Limit fffff880158c8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`158cd570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158cd6b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`158cd770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`158cd800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`158cd860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`158cd8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`158cd9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`158cda50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`158cdae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`158cdc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158cdc40) 00000021`9025f668 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000021`9025f670 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000021`9025f910 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`9025f940 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d53240 Cid 0c80.0dec Teb: 000007f6c4092000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d53520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 1073 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155e3dd0 Current fffff880155e3530 Base fffff880155e4000 Limit fffff880155de000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`155e3570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`155e36b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`155e3770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`155e3800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`155e3860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`155e38e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`155e39a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`155e3a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`155e3ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`155e3c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155e3c40) 00000021`9068f968 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000021`9068f970 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000021`9068fc10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`9068fc40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e70340 Cid 0c80.0c40 Teb: 000007f6c40ac000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e70620 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff88016407dd0 Current fffff880164075b0 Base fffff88016408000 Limit fffff88016402000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`164075f0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16407730 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`164077f0 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`16407880 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`164078e0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`16407960 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`16407a20 fffff802`b3e257a4 nt!KeWaitForSingleObject+0x1cf fffff880`16407ab0 fffff802`b3e8418b nt!EtwpReceiveNotification+0x6c fffff880`16407b20 fffff802`b3b02d53 nt!NtTraceControl+0x337 fffff880`16407bd0 000007fe`f7ec459b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16407c40) 00000021`936df808 000007fe`f7f257f8 ntdll!NtTraceControl+0xa 00000021`936df810 000007fe`f601167e ntdll!EtwpNotificationThread+0x4c 00000021`936df970 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`936df9a0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b84b00 Cid 0c80.0978 Teb: 000007f6c409e000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003b84de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15740837 Ticks: 291 (0:00:00:04.539) Context Switch Count 133 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff88016342dd0 Current fffff880163426d0 Base fffff88016343000 Limit fffff8801633d000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`16342710 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16342850 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16342910 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`163429a0 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`16342a00 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`16342a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`16342b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`16342bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`16342c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16342c40) 00000021`90b7ef08 000007fe`f4641d19 ntdll!NtWaitForSingleObject+0xa 00000021`90b7ef10 000007fe`f46481b2 mswsock!SockWaitForSingleObject+0x139 00000021`90b7ef90 000007fe`f5b82e8d mswsock!WSPSelect+0x4f5 00000021`90b7f130 000007fe`f59e008b WS2_32!select+0x185 00000021`90b7f220 000007fe`f601167e WININET!ICAsyncThread::SelectThread+0x1fb 00000021`90b7f910 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`90b7f940 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d7d4c0 Cid 0c80.0af0 Teb: 000007f6c409c000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d7d7a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015141dd0 Current fffff88015141530 Base fffff88015142000 Limit fffff8801513c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15141570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`151416b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15141770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`15141800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`15141860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`151418e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`151419a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15141a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15141ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15141c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15141c40) 00000021`937dfa78 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000021`937dfa80 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000021`937dfd20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`937dfd50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001f5b900 Cid 0c80.0944 Teb: 000007f6c4096000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001f5bbe0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mswsock!SockAsyncThread (0x000007fef4645990) Stack Init fffff8801515ddd0 Current fffff8801515d570 Base fffff8801515e000 Limit fffff88015158000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1515d5b0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1515d6f0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1515d7b0 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`1515d840 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`1515d8a0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`1515d920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`1515d9e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1515da90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`1515db20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`1515dbd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1515dc40) 00000021`938dfab8 000007fe`f4645a19 ntdll!NtRemoveIoCompletion+0xa 00000021`938dfac0 000007fe`f601167e mswsock!SockAsyncThread+0x8f 00000021`938dfb20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000021`938dfb50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8003816940 SessionId: 2 Cid: 0d04 Peb: 7f6c3aca000 ParentCid: 0c80 DeepFreeze DirBase: 34024000 ObjectTable: fffff8a001749a00 HandleCount: Image: iexplore.exe VadRoot fffffa80036e0ad0 Vads 520 Clone 0 Private 9065. Modified 19575. Locked 728. DeviceMap fffff8a000290b20 Token fffff8a002d4c500 ElapsedTime 00:15:04.230 UserTime 00:00:00.202 KernelTime 00:00:00.109 QuotaPoolUsage[PagedPool] 477096 QuotaPoolUsage[NonPagedPool] 81152 Working Set Sizes (now,min,max) (50713, 50, 345) (202852KB, 200KB, 1380KB) PeakWorkingSetSize 51043 VirtualSize 300 Mb PeakVirtualSize 357 Mb PageFaultCount 148600 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 9242 Job fffffa80033d9060 Setting context for this process... .process /p /r fffffa8003816940 THREAD fffffa8002ca7080 Cid 0d04.0968 Teb: 000007f6c3ace000 Win32Thread: fffff90103fa73d0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002ca7360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 196 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address iexplore!wWinMainCRTStartup (0x000007f6c49b1b00) Stack Init fffff8801580ddd0 Current fffff8801580cec0 Base fffff8801580e000 Limit fffff88015808000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1580cf00 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1580d040 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1580d100 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`1580d190 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`1580d1f0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`1580d270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`1580d330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`1580d3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`1580d470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1580d980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1580dbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1580dc40) 00000022`79afeef8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000022`79afef00 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000022`79aff1e0 000007fe`f6172479 user32!MsgWaitForMultipleObjectsEx+0x144 00000022`79aff290 000007fe`f61857b2 iertutil!IsoThreadWindowsPumpInit+0x35c 00000022`79aff350 000007fe`e484abcd iertutil!IsoManagerThreadZero_WindowsPump+0x72 00000022`79aff380 000007f6`c49b107c IEFRAME!LCIEStartAsTabProcess+0x441 00000022`79aff510 000007f6`c49b1027 iexplore!wWinMain+0x3c2 00000022`79aff860 000007fe`f601167e iexplore!_imp_load_WaitForInputIdle+0x2ee 00000022`79aff920 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`79aff950 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8004154080 Cid 0d04.08f8 Teb: 000007f6c3ac8000 Win32Thread: fffff901006b9b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8004154360 NotificationEvent Waiting for reply to ALPC Message fffff8a006909990 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 670 IdealProcessor: 0 UserTime 00:00:00.109 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801631fdd0 Current fffff8801631f430 Base fffff88016320000 Limit fffff8801631a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1631f470 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1631f5b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1631f670 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`1631f700 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`1631f760 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`1631f7e0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`1631f8a0 fffff802`b3af1a0a nt!KeWaitForSingleObject+0x1cf fffff880`1631f930 fffff802`b3ebbbd6 nt!AlpcpSignalAndWait+0x34a fffff880`1631f9e0 fffff802`b3ebb762 nt!AlpcpReceiveSynchronousReply+0x46 fffff880`1631fa40 fffff802`b3ec19c2 nt!AlpcpProcessSynchronousRequest+0x350 fffff880`1631fb20 fffff802`b3b02d53 nt!NtAlpcSendWaitReceivePort+0x172 fffff880`1631fbd0 000007fe`f7ec347b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1631fc40) 00000022`7c4ff128 000007fe`f5be493f ntdll!NtAlpcSendWaitReceivePort+0xa 00000022`7c4ff130 000007fe`f5be47c6 RPCRT4!LRPC_BASE_CCALL::DoSendReceive+0xef 00000022`7c4ff1e0 000007fe`f5cf19b6 RPCRT4!LRPC_BASE_CCALL::SendReceive+0x36 00000022`7c4ff220 000007fe`f5cf24fd RPCRT4!NdrpClientCall2+0xa5e 00000022`7c4ff980 000007fe`f7ba8acc RPCRT4!NdrClientCall2+0x1d 00000022`7c4ff9b0 000007fe`f7b3fc05 combase!CComApartment::CleanupRemoting+0x163 00000022`7c4ffa20 000007fe`f7b404fa combase!ApartmentUninitialize+0x1d5 00000022`7c4ffab0 000007fe`f7b375ab combase!wCoUninitialize+0x197 00000022`7c4ffae0 000007fe`e47f8c24 combase!CoUninitialize+0x143 00000022`7c4ffb40 000007fe`e4799a2b IEFRAME!CTravelLogRecoveryDataProxy::TravelLogRecoveryDataProxy_ThreadProc+0x70 00000022`7c4ffb70 000007fe`f7ed7f59 IEFRAME!ExecuteWorkItemThreadProc+0x33 00000022`7c4ffba0 000007fe`f7ec8842 ntdll!RtlpTpWorkCallback+0x189 00000022`7c4ffc90 000007fe`f601167e ntdll!TppWorkerThread+0x604 00000022`7c4fff30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7c4fff60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001dd6b00 Cid 0d04.0728 Teb: 000007f6c3ac6000 Win32Thread: fffff901006b7860 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001dd6de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 30 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880162afdd0 Current fffff880162aeec0 Base fffff880162b0000 Limit fffff880162aa000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`162aef00 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`162af040 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`162af100 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`162af190 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`162af1f0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`162af270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`162af330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`162af3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`162af470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`162af980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`162afbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162afc40) 00000022`7c5ff588 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000022`7c5ff590 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000022`7c5ff870 000007fe`f6172479 user32!MsgWaitForMultipleObjectsEx+0x144 00000022`7c5ff920 000007fe`f61832bd iertutil!IsoThreadWindowsPumpInit+0x35c 00000022`7c5ff9e0 000007fe`e697467d iertutil!IsoManagerThreadNonzero_WindowsPump+0xcd 00000022`7c5ffa60 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`7c5ffab0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7c5ffae0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001decb00 Cid 0d04.0c54 Teb: 000007f6c399e000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001decde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88016326dd0 Current fffff88016325ec0 Base fffff88016327000 Limit fffff88016321000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`16325f00 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16326040 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16326100 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`16326190 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`163261f0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`16326270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`16326330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`163263c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`16326470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16326980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16326bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16326c40) 00000022`7c7fef98 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000022`7c7fefa0 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000022`7c7ff280 000007fe`f7b31a03 combase!WaitCoalesced+0x96 00000022`7c7ff4d0 000007fe`f7b32218 combase!CROIDTable::WorkerThreadLoop+0x63 00000022`7c7ff520 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 00000022`7c7ff790 000007fe`e697467d combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 00000022`7c7ff7c0 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`7c7ff810 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7c7ff840 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800415a5c0 Cid 0d04.0f90 Teb: 000007f6c399c000 Win32Thread: fffff901006a9830 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800415a8a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12394 IdealProcessor: 0 UserTime 00:00:02.683 KernelTime 00:00:00.811 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880162bddd0 Current fffff880162bd540 Base fffff880162be000 Limit fffff880162b8000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`162bd580 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`162bd6c0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`162bd780 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`162bd810 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`162bd870 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`162bd8f0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`162bd9b0 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`162bda40 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`162bdaf0 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`162bdbc0 fffff960`001f0c6f win32k!xxxSleepThread+0xc5 fffff880`162bdc10 fffff802`b3b02d53 win32k!NtUserWaitMessage+0x40 fffff880`162bdc40 000007fe`f56c29aa nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162bdc40) 00000022`7cafc778 000007fe`e4773d2f user32!NtUserWaitMessage+0xa 00000022`7cafc780 000007fe`e484aa44 IEFRAME!CTabWindow::_TabWindowThreadProc+0xe71 00000022`7caffa00 000007fe`f61831bf IEFRAME!LCIETab_ThreadProc+0x374 00000022`7caffb20 000007fe`e697467d iertutil!LCIEIsComponentSharedFlagValueSet_FromComponentThread+0x6f 00000022`7caffb50 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`7caffba0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7caffbd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e58b00 Cid 0d04.0c70 Teb: 000007f6c3998000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e58de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15740837 Ticks: 291 (0:00:00:04.539) Context Switch Count 256 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88016229dd0 Current fffff880162296d0 Base fffff8801622a000 Limit fffff88016224000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`16229710 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16229850 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16229910 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`162299a0 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`16229a00 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`16229a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`16229b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`16229bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`16229c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16229c40) 00000022`7da1f198 000007fe`f4641d19 ntdll!NtWaitForSingleObject+0xa 00000022`7da1f1a0 000007fe`f46481b2 mswsock!SockWaitForSingleObject+0x139 00000022`7da1f220 000007fe`f5b82e8d mswsock!WSPSelect+0x4f5 00000022`7da1f3c0 000007fe`f59e008b WS2_32!select+0x185 00000022`7da1f4b0 000007fe`e697467d WININET!ICAsyncThread::SelectThread+0x1fb 00000022`7da1fba0 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`7da1fbf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7da1fc20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e52b00 Cid 0d04.085c Teb: 000007f6c3996000 Win32Thread: fffff901000e0b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e52de0 NotificationEvent IRP List: fffffa80018ed010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 542 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161f0dd0 Current fffff880161f0530 Base fffff880161f1000 Limit fffff880161eb000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`161f0570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`161f06b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`161f0770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`161f0800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`161f0860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`161f08e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`161f09a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`161f0a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`161f0ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`161f0c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161f0c40) 00000022`7dc1fa48 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000022`7dc1fa50 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000022`7dc1fcf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7dc1fd20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800418ab00 Cid 0d04.0de0 Teb: 000007f6c3994000 Win32Thread: fffff901006c7b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800418ade0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 229 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161dbdd0 Current fffff880161db530 Base fffff880161dc000 Limit fffff880161d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`161db570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`161db6b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`161db770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`161db800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`161db860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`161db8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`161db9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`161dba50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`161dbae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`161dbc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161dbc40) 00000022`7dd1f938 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000022`7dd1f940 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000022`7dd1fbe0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7dd1fc10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800418a380 Cid 0d04.0f74 Teb: 000007f6c3990000 Win32Thread: fffff901006c5b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800418a660 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 220 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016237dd0 Current fffff88016237530 Base fffff88016238000 Limit fffff88016232000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`16237570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`162376b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16237770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`16237800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`16237860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`162378e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`162379a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16237a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`16237ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16237c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16237c40) 00000022`7df1f948 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000022`7df1f950 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000022`7df1fbf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7df1fc20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c3e3c0 Cid 0d04.0864 Teb: 000007f6c398e000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001c3e6a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 33 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff8801637add0 Current fffff8801637a570 Base fffff8801637b000 Limit fffff88016375000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1637a5b0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1637a6f0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1637a7b0 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`1637a840 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`1637a8a0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`1637a920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`1637a9e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1637aa90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`1637ab20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`1637abd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1637ac40) 00000022`7e01fa38 000007fe`f4645a19 ntdll!NtRemoveIoCompletion+0xa 00000022`7e01fa40 000007fe`e697467d mswsock!SockAsyncThread+0x8f 00000022`7e01faa0 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`7e01faf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7e01fb20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e74080 Cid 0d04.0e60 Teb: 000007f6c398c000 Win32Thread: fffff901006bd010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e74360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 54 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017211dd0 Current fffff880172116d0 Base fffff88017212000 Limit fffff8801720c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`17211710 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17211850 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17211910 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`172119a0 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`17211a00 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`17211a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`17211b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`17211bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`17211c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17211c40) 00000022`7e11f6e8 000007fe`e8a61b7c ntdll!NtWaitForSingleObject+0xa 00000022`7e11f6f0 000007fe`f7ee3e4d twinapi!PsmpHandleQuiesceRequest+0xa0 00000022`7e11f740 000007fe`f7ec85c6 ntdll!TppExecuteWaitCallback+0x151 00000022`7e11f7b0 000007fe`f601167e ntdll!TppWorkerThread+0x388 00000022`7e11fa50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7e11fa80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80026a3b00 Cid 0d04.0cc0 Teb: 000007f6c398a000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80026a3de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158e9dd0 Current fffff880158e9530 Base fffff880158ea000 Limit fffff880158e4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`158e9570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158e96b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`158e9770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`158e9800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`158e9860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`158e98e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`158e99a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`158e9a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`158e9ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`158e9c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158e9c40) 00000022`7e31faa8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000022`7e31fab0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000022`7e31fd50 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7e31fd80 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002064080 Cid 0d04.0fe0 Teb: 000007f6c3986000 Win32Thread: fffff901006d3010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002064360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 195 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.015 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88016400dd0 Current fffff880163fff50 Base fffff88016401000 Limit fffff880163fb000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`163fff90 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`164000d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16400190 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`16400220 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`16400280 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`16400300 fffff802`b3b293cd nt!KiCommitThreadWait+0x4b0 fffff880`164003c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16400470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16400980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16400bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16400c40) 00000022`7e70f418 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000022`7e70f420 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000022`7e70f700 000007fe`f7b6943b user32!MsgWaitForMultipleObjectsEx+0x144 00000022`7e70f7b0 000007fe`f7b69d4a combase!CCliModalLoop::BlockFn+0x12f 00000022`7e70f860 000007fe`f7b69b62 combase!ClassicSTAThreadWaitForHandles+0x106 00000022`7e70f970 000007fe`e37d3420 combase!CoWaitForMultipleHandles+0xda 00000022`7e70f9b0 000007fe`e398e492 MSHTML!CDwnTaskExec::ThreadExec+0x163 00000022`7e70f9f0 000007fe`e697467d MSHTML!CExecFT::ThreadProc+0x4e 00000022`7e70fa20 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`7e70fa70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7e70faa0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8004050b00 Cid 0d04.0b5c Teb: 000007f6c3984000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8004050de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 104 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.015 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880172f2dd0 Current fffff880172f1f50 Base fffff880172f3000 Limit fffff880172ed000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`172f1f90 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`172f20d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`172f2190 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`172f2220 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`172f2280 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`172f2300 fffff802`b3b293cd nt!KiCommitThreadWait+0x4b0 fffff880`172f23c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`172f2470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`172f2980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`172f2bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172f2c40) 00000022`7e80fa88 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000022`7e80fa90 000007fe`e69c1b8c KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000022`7e80fd70 000007fe`e6b1acb8 jscript9!Recycler::ThreadProc+0xfc 00000022`7e80fe20 000007fe`f782707b jscript9!Recycler::StaticThreadProc+0x18 00000022`7e80fe70 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000022`7e80fea0 000007fe`e697467d msvcrt!endthreadex+0xac 00000022`7e80fed0 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`7e80ff20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7e80ff50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d27080 Cid 0d04.0c4c Teb: 000007f6c3982000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001d27360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 686 IdealProcessor: 0 UserTime 00:00:00.405 KernelTime 00:00:00.015 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88014f2cdd0 Current fffff88014f2c6d0 Base fffff88014f2d000 Limit fffff88014f27000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14f2c710 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14f2c850 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`14f2c910 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`14f2c9a0 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`14f2ca00 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`14f2ca80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`14f2cb40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`14f2cbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`14f2cc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f2cc40) 00000022`7e90f938 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000022`7e90f940 000007fe`e69c2356 KERNELBASE!WaitForSingleObjectEx+0x92 00000022`7e90f9e0 000007fe`e69c23f2 jscript9!Event::Wait+0x16 00000022`7e90fa10 000007fe`e6b1221e jscript9!JsUtil::BackgroundJobProcessor::Run+0x172 00000022`7e90fa60 000007fe`f782707b jscript9!JsUtil::BackgroundJobProcessor::StaticThreadProc+0x4e 00000022`7e90fab0 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000022`7e90fae0 000007fe`e697467d msvcrt!endthreadex+0xac 00000022`7e90fb10 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`7e90fb60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7e90fb90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d24240 Cid 0d04.0cec Teb: 000007f6c3980000 Win32Thread: fffff901006d3b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d24520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 156 IdealProcessor: 0 UserTime 00:00:00.124 KernelTime 00:00:00.031 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880158dbdd0 Current fffff880158daf50 Base fffff880158dc000 Limit fffff880158d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`158daf90 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158db0d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`158db190 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`158db220 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`158db280 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`158db300 fffff802`b3b293cd nt!KiCommitThreadWait+0x4b0 fffff880`158db3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`158db470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`158db980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`158dbbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158dbc40) 00000022`7ea2f548 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000022`7ea2f550 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000022`7ea2f830 000007fe`f7b6943b user32!MsgWaitForMultipleObjectsEx+0x144 00000022`7ea2f8e0 000007fe`f7b69d4a combase!CCliModalLoop::BlockFn+0x12f 00000022`7ea2f990 000007fe`f7b69b62 combase!ClassicSTAThreadWaitForHandles+0x106 00000022`7ea2faa0 000007fe`e37d3420 combase!CoWaitForMultipleHandles+0xda 00000022`7ea2fae0 000007fe`e398e492 MSHTML!CDwnTaskExec::ThreadExec+0x163 00000022`7ea2fb20 000007fe`e697467d MSHTML!CExecFT::ThreadProc+0x4e 00000022`7ea2fb50 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`7ea2fba0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7ea2fbd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020b8b00 Cid 0d04.0a4c Teb: 000007f6c397c000 Win32Thread: fffff901006d5010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80020b8de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 153 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880154f6dd0 Current fffff880154f63c0 Base fffff880154f7000 Limit fffff880154f1000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`154f6400 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`154f6540 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`154f6600 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`154f6690 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`154f66f0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`154f6770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`154f6830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`154f68c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`154f6970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`154f6a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`154f6a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`154f6bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`154f6c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154f6c40) 00000022`7f1af928 000007fe`f56c1ef5 user32!NtUserGetMessage+0xa 00000022`7f1af930 000007fe`e399811a user32!GetMessageW+0x25 00000022`7f1af960 000007fe`e697467d MSHTML!CIndependentHitTestManager::IndependentHitTestThreadProc+0xaa 00000022`7f1af9c0 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`7f1afa10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7f1afa40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001dfb080 Cid 0d04.0c6c Teb: 000007f6c397a000 Win32Thread: fffff9010069bb90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001dfb360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 512 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88015948dd0 Current fffff880159486d0 Base fffff88015949000 Limit fffff88015943000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15948710 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15948850 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15948910 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`159489a0 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`15948a00 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`15948a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`15948b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`15948bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`15948c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15948c40) 00000022`7f2af9f8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000022`7f2afa00 000007fe`e34e4a26 KERNELBASE!WaitForSingleObjectEx+0x92 00000022`7f2afaa0 000007fe`e398e492 MSHTML!CTimerMan::ThreadExec+0x12b 00000022`7f2afaf0 000007fe`e697467d MSHTML!CExecFT::ThreadProc+0x4e 00000022`7f2afb20 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`7f2afb70 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7f2afba0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003629900 Cid 0d04.05a0 Teb: 000007f6c3978000 Win32Thread: fffff901006d5710 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003629be0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 1296 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880158e2dd0 Current fffff880158e1f50 Base fffff880158e3000 Limit fffff880158dd000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`158e1f90 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`158e20d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`158e2190 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`158e2220 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`158e2280 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`158e2300 fffff802`b3b293cd nt!KiCommitThreadWait+0x4b0 fffff880`158e23c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`158e2470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`158e2980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`158e2bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158e2c40) 00000022`7f3af478 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000022`7f3af480 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000022`7f3af760 000007fe`e37c7baa KERNEL32!WaitForMultipleObjects+0x12 00000022`7f3af7a0 000007fe`e399ae9a MSHTML!CVSyncProvider::Run+0x205 00000022`7f3afa10 000007fe`e697467d MSHTML!CVSyncProvider::RunThread+0x26 00000022`7f3afa40 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`7f3afa90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`7f3afac0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800404cb00 Cid 0d04.0508 Teb: 000007f6c3976000 Win32Thread: fffff90103fe5710 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800404cde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88017248dd0 Current fffff88017247f50 Base fffff88017249000 Limit fffff88017243000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`17247f90 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`172480d0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17248190 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`17248220 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`17248280 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`17248300 fffff802`b3b293cd nt!KiCommitThreadWait+0x4b0 fffff880`172483c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17248470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17248980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17248bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17248c40) 00000022`0446f618 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000022`0446f620 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000022`0446f900 000007fe`e68d106f user32!MsgWaitForMultipleObjectsEx+0x144 00000022`0446f9b0 000007fe`e68d84a6 IEUI!CoreSC::Wait+0x5f 00000022`0446fa00 000007fe`e68d869e IEUI!CoreSC::xwProcessNL+0xe4 00000022`0446fa70 000007fe`e68d85c5 IEUI!GetMessageExA+0x7b 00000022`0446fac0 000007fe`f782707b IEUI!ResourceManager::SharedThreadProc+0xe9 00000022`0446fb50 000007fe`f7845e6d msvcrt!endthreadex+0xcb 00000022`0446fb80 000007fe`e697467d msvcrt!endthreadex+0xac 00000022`0446fbb0 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000022`0446fc00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`0446fc30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800398db00 Cid 0d04.03ac Teb: 000007f6c3974000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800398dde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ea0dd0 Current fffff88015ea0530 Base fffff88015ea1000 Limit fffff88015e9b000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15ea0570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15ea06b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15ea0770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`15ea0800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`15ea0860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`15ea08e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`15ea09a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15ea0a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15ea0ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15ea0c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15ea0c40) 00000022`0456f9f8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000022`0456fa00 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000022`0456fca0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`0456fcd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800200f480 Cid 0d04.0398 Teb: 000007f6c399a000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800200f760 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff8800319bdd0 Current fffff8800319b5b0 Base fffff8800319c000 Limit fffff88003196000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`0319b5f0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`0319b730 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`0319b7f0 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`0319b880 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`0319b8e0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`0319b960 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`0319ba20 fffff802`b3e257a4 nt!KeWaitForSingleObject+0x1cf fffff880`0319bab0 fffff802`b3e8418b nt!EtwpReceiveNotification+0x6c fffff880`0319bb20 fffff802`b3b02d53 nt!NtTraceControl+0x337 fffff880`0319bbd0 000007fe`f7ec459b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0319bc40) 00000022`048efd58 000007fe`f7f257f8 ntdll!NtTraceControl+0xa 00000022`048efd60 000007fe`f601167e ntdll!EtwpNotificationThread+0x4c 00000022`048efec0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000022`048efef0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8001f7b7c0 SessionId: 2 Cid: 0e74 Peb: 7f6c39d9000 ParentCid: 0c80 DeepFreeze DirBase: 6772a000 ObjectTable: fffff8a0084321c0 HandleCount: Image: iexplore.exe VadRoot fffffa800388ba00 Vads 97 Clone 0 Private 364. Modified 1. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a0068d58c0 ElapsedTime 00:14:58.099 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 221744 QuotaPoolUsage[NonPagedPool] 12656 Working Set Sizes (now,min,max) (2105, 50, 345) (8420KB, 200KB, 1380KB) PeakWorkingSetSize 2113 VirtualSize 111 Mb PeakVirtualSize 113 Mb PageFaultCount 2275 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 610 Job fffffa80033d9060 Setting context for this process... .process /p /r fffffa8001f7b7c0 THREAD fffffa8001d50700 Cid 0e74.0184 Teb: 000007f6c39de000 Win32Thread: fffff90103fed5e0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001d509e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 88 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address iexplore!wWinMainCRTStartup (0x000007f6c49b1b00) Stack Init fffff880171f5dd0 Current fffff880171f4ec0 Base fffff880171f6000 Limit fffff880171f0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`171f4f00 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171f5040 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`171f5100 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`171f5190 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`171f51f0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`171f5270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`171f5330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`171f53c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`171f5470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`171f5980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`171f5bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171f5c40) 00000047`cd40f3b8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000047`cd40f3c0 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000047`cd40f6a0 000007fe`f6172479 user32!MsgWaitForMultipleObjectsEx+0x144 00000047`cd40f750 000007fe`f61857b2 iertutil!IsoThreadWindowsPumpInit+0x35c 00000047`cd40f810 000007fe`e484abcd iertutil!IsoManagerThreadZero_WindowsPump+0x72 00000047`cd40f840 000007f6`c49b107c IEFRAME!LCIEStartAsTabProcess+0x441 00000047`cd40f9d0 000007f6`c49b1027 iexplore!wWinMain+0x3c2 00000047`cd40fd20 000007fe`f601167e iexplore!_imp_load_WaitForInputIdle+0x2ee 00000047`cd40fde0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000047`cd40fe10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018ffb00 Cid 0e74.0b44 Teb: 000007f6c39dc000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80018ffde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 52 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017076dd0 Current fffff880170766d0 Base fffff88017077000 Limit fffff88017071000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`17076710 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17076850 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17076910 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`170769a0 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`17076a00 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`17076a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`17076b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`17076bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`17076c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17076c40) 00000047`cd7bf458 000007fe`e8a61b7c ntdll!NtWaitForSingleObject+0xa 00000047`cd7bf460 000007fe`f7ee3e4d twinapi!PsmpHandleQuiesceRequest+0xa0 00000047`cd7bf4b0 000007fe`f7ec85c6 ntdll!TppExecuteWaitCallback+0x151 00000047`cd7bf520 000007fe`f601167e ntdll!TppWorkerThread+0x388 00000047`cd7bf7c0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000047`cd7bf7f0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800377f080 Cid 0e74.0844 Teb: 000007f6c39da000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800377f360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003dc8dd0 Current fffff88003dc8530 Base fffff88003dc9000 Limit fffff88003dc3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`03dc8570 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03dc86b0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`03dc8770 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`03dc8800 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`03dc8860 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`03dc88e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x4b0 fffff880`03dc89a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`03dc8a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`03dc8ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03dc8c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dc8c40) 00000047`cf34fc68 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000047`cf34fc70 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000047`cf34ff10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000047`cf34ff40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003eff080 Cid 0e74.00e0 Teb: 000007f6c39d7000 Win32Thread: fffff901006e5b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003eff360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff8801700ddd0 Current fffff8801700cec0 Base fffff8801700e000 Limit fffff88017008000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1700cf00 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1700d040 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1700d100 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`1700d190 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`1700d1f0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`1700d270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`1700d330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`1700d3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`1700d470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1700d980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1700dbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1700dc40) 00000047`cff8f378 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000047`cff8f380 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000047`cff8f660 000007fe`f6172479 user32!MsgWaitForMultipleObjectsEx+0x144 00000047`cff8f710 000007fe`f61832bd iertutil!IsoThreadWindowsPumpInit+0x35c 00000047`cff8f7d0 000007fe`e697467d iertutil!IsoManagerThreadNonzero_WindowsPump+0xcd 00000047`cff8f850 000007fe`f601167e IEShims!NS_CreateThread::ImmersiveIE_ThreadProc+0x75 00000047`cff8f8a0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000047`cff8f8d0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003e46080 Cid 0e74.0a0c Teb: 000007f6c38ae000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003e46360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff8801615ddd0 Current fffff8801615d5b0 Base fffff8801615e000 Limit fffff88016158000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1615d5f0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1615d730 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1615d7f0 fffff802`b3aea5e9 nt!KeWaitForSingleObject+0x1cf fffff880`1615d880 fffff802`b3b65940 nt!KiSchedulerApc+0x8d fffff880`1615d8e0 fffff802`b3b2dc12 nt!KiDeliverApc+0x1f0 fffff880`1615d960 fffff802`b3b29c1f nt!KiCommitThreadWait+0x4b0 fffff880`1615da20 fffff802`b3e257a4 nt!KeWaitForSingleObject+0x1cf fffff880`1615dab0 fffff802`b3e8418b nt!EtwpReceiveNotification+0x6c fffff880`1615db20 fffff802`b3b02d53 nt!NtTraceControl+0x337 fffff880`1615dbd0 000007fe`f7ec459b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1615dc40) 00000047`d038f9d8 000007fe`f7f257f8 ntdll!NtTraceControl+0xa 00000047`d038f9e0 000007fe`f601167e ntdll!EtwpNotificationThread+0x4c 00000047`d038fb40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000047`d038fb70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8002d74180 SessionId: 2 Cid: 0ca0 Peb: 7f770b7f000 ParentCid: 0d68 DirBase: 08818000 ObjectTable: fffff8a001f18d80 HandleCount: Image: Taskmgr.exe VadRoot fffffa8003e9d1e0 Vads 239 Clone 0 Private 2297. Modified 243564. Locked 0. DeviceMap fffff8a007e2e6a0 Token fffff8a007e3b8c0 ElapsedTime 00:10:57.072 UserTime 00:00:11.325 KernelTime 00:00:26.878 QuotaPoolUsage[PagedPool] 482336 QuotaPoolUsage[NonPagedPool] 31280 Working Set Sizes (now,min,max) (7136, 50, 345) (28544KB, 200KB, 1380KB) PeakWorkingSetSize 7337 VirtualSize 216 Mb PeakVirtualSize 343 Mb PageFaultCount 51873 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2905 Setting context for this process... .process /p /r fffffa8002d74180 THREAD fffffa8003db4740 Cid 0ca0.03e0 Teb: 000007f770b7d000 Win32Thread: fffff90104094830 RUNNING on processor 0 Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 31359 IdealProcessor: 0 UserTime 00:00:09.859 KernelTime 00:00:07.394 Win32 Start Address taskmgr!wWinMainCRTStartup (0x000007f770e68688) Stack Init fffff88015925dd0 Current fffff88015925800 Base fffff88015926000 Limit fffff88015920000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15925ae8 fffff802`b400f0dd nt!KeBugCheckEx fffff880`15925af0 fffff802`b3ea8f6d nt!PspCatchCriticalBreak+0xad fffff880`15925b30 fffff802`b3ea8019 nt! ?? ::NNGAKEGL::`string'+0x46f60 fffff880`15925b90 fffff802`b3ea7e52 nt!PspTerminateProcess+0x6d fffff880`15925bd0 fffff802`b3b02d53 nt!NtTerminateProcess+0x9e fffff880`15925c40 000007fe`f7ec2eaa nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15925c40) 000000f0`6e86f3e8 000007fe`f4ff1295 ntdll!NtTerminateProcess+0xa 000000f0`6e86f3f0 000007f7`70e012ba KERNELBASE!TerminateProcess+0x25 000000f0`6e86f420 000007f7`70df3698 taskmgr!WdcProcessMonitor::OnProcessCommand+0x1b6 000000f0`6e86f4b0 000007f7`70df55bb taskmgr!WdcListView::OnProcessCommand+0x1e0 000000f0`6e86f5a0 000007f7`70df5b47 taskmgr!WdcListView::OnCommand+0x123 000000f0`6e86f5f0 000007fe`f2227239 taskmgr!WdcListView::OnMessage+0x287 000000f0`6e86f710 000007fe`f2a82d23 DUI70!DirectUI::HWNDHost::_CtrlWndProc+0xa1 000000f0`6e86f770 000007fe`f56c171e DUser!WndBridge::RawWndProc+0x73 000000f0`6e86f7e0 000007fe`f56c14d7 USER32!UserCallWinProcCheckWow+0x13a 000000f0`6e86f8a0 000007f7`70e1b0e1 USER32!DispatchMessageWorker+0x1a7 000000f0`6e86f920 000007f7`70e685e6 taskmgr!wWinMain+0x44d 000000f0`6e86fde0 000007fe`f601167e taskmgr!CBaseRPCTimeout::Disarm+0x31a 000000f0`6e86fea0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`6e86fed0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80039dfb00 Cid 0ca0.0564 Teb: 000007f770b7b000 Win32Thread: fffff90103f44710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003665fe0 SynchronizationEvent fffffa8002cc1d30 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699020 Ticks: 42108 (0:00:10:56.889) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff880155d5dd0 Current fffff880155d5180 Base fffff880155d6000 Limit fffff880155d0000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`155d51c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`155d5300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`155d53c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`155d5470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`155d5980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`155d5bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155d5c40) 000000f0`7025f938 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`7025f940 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7025fc20 000007fe`f2aa160b USER32!MsgWaitForMultipleObjectsEx+0x144 000000f0`7025fcd0 000007fe`f2aa15db DUser!CoreSC::xwProcessNL+0x5bb 000000f0`7025fda0 000007fe`f2aa14fe DUser!GetMessageExA+0x6b 000000f0`7025fdf0 000007fe`f782707b DUser!ResourceManager::SharedThreadProc+0xfe 000000f0`7025fe80 000007fe`f7845e6d msvcrt!endthreadex+0xcb 000000f0`7025feb0 000007fe`f601167e msvcrt!endthreadex+0xac 000000f0`7025fee0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7025ff10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003253b00 Cid 0ca0.0d64 Teb: 000007f770b79000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800307aca0 NotificationEvent fffffa80036357a0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 653 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff880159dadd0 Current fffff880159da180 Base fffff880159db000 Limit fffff880159d5000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`159da1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`159da300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`159da3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`159da470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`159da980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`159dabd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`159dac40) 000000f0`7238f4f8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`7238f500 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7238f7e0 000007f7`70dfdc81 KERNEL32!WaitForMultipleObjects+0x12 000000f0`7238f820 000007f7`70dfdf54 taskmgr!WdcDataMonitor::DoUpdates+0x3d 000000f0`7238f860 000007fe`f601167e taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7238f8a0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7238f8d0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b45b00 Cid 0ca0.0824 Teb: 000007f770b77000 Win32Thread: fffff90103f5cb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003612250 NotificationEvent fffffa8002cb6890 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2818 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.124 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff8801595ddd0 Current fffff8801595d180 Base fffff8801595e000 Limit fffff88015958000 Call 0 Priority 13 BasePriority 10 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1595d1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1595d300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1595d3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1595d470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1595d980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1595dbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1595dc40) 000000f0`7240f9f8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`7240fa00 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7240fce0 000007f7`70dfdc81 KERNEL32!WaitForMultipleObjects+0x12 000000f0`7240fd20 000007f7`70dfdf54 taskmgr!WdcDataMonitor::DoUpdates+0x3d 000000f0`7240fd60 000007fe`f601167e taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7240fda0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7240fdd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018eab00 Cid 0ca0.0888 Teb: 000007f770b75000 Win32Thread: fffff90103ff8b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c81ca0 NotificationEvent fffffa80036767a0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 4747 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff8801594fdd0 Current fffff8801594f180 Base fffff88015950000 Limit fffff8801594a000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`1594f1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1594f300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`1594f3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`1594f470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`1594f980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`1594fbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1594fc40) 000000f0`7248f548 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`7248f550 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7248f830 000007f7`70dfdc81 KERNEL32!WaitForMultipleObjects+0x12 000000f0`7248f870 000007f7`70dfdf54 taskmgr!WdcDataMonitor::DoUpdates+0x3d 000000f0`7248f8b0 000007fe`f601167e taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7248f8f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7248f920 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80033f63c0 Cid 0ca0.0e28 Teb: 000007f770b73000 Win32Thread: fffff901006bb710 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040844b0 NotificationEvent fffffa8002e58710 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699023 Ticks: 42105 (0:00:10:56.842) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff880159ccdd0 Current fffff880159cc180 Base fffff880159cd000 Limit fffff880159c7000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`159cc1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`159cc300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`159cc3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`159cc470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`159cc980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`159ccbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`159ccc40) 000000f0`7250f448 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`7250f450 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7250f730 000007f7`70e43c03 USER32!MsgWaitForMultipleObjectsEx+0x144 000000f0`7250f7e0 000007f7`70dfdf54 taskmgr!WdcAppHistoryMonitor::DoUpdates+0x3f 000000f0`7250f850 000007fe`f601167e taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7250f890 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7250f8c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001f075c0 Cid 0ca0.06d4 Teb: 000007f770a4c000 Win32Thread: fffff901040b5b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002d94de0 NotificationEvent fffffa800371fc70 SynchronizationEvent fffffa8002d704f0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 19727 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address taskmgr!TmTraceControl::IncrementThread (0x000007f770df1fc4) Stack Init fffff880159efdd0 Current fffff880159ef180 Base fffff880159f0000 Limit fffff880159ea000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`159ef1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`159ef300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`159ef3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`159ef470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`159ef980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`159efbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`159efc40) 000000f0`7260fb58 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`7260fb60 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7260fe40 000007f7`70df2118 KERNEL32!WaitForMultipleObjects+0x12 000000f0`7260fe80 000007fe`f601167e taskmgr!TmTraceControl::IncrementThreadInternal+0x148 000000f0`7260ff30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7260ff60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f23b00 Cid 0ca0.0db8 Teb: 000007f770a4a000 Win32Thread: fffff90103fa5610 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036d1420 NotificationEvent fffffa80036c8cb0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741106 Ticks: 22 (0:00:00:00.343) Context Switch Count 811 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!CRUMAPIHelper::SrumThread (0x000007f770e0db10) Stack Init fffff88015e0ddd0 Current fffff88015e0d180 Base fffff88015e0e000 Limit fffff88015e08000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15e0d1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e0d300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`15e0d3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15e0d470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15e0d980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15e0dbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e0dc40) 000000f0`7268f4b8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`7268f4c0 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7268f7a0 000007f7`70e0dd3a USER32!MsgWaitForMultipleObjectsEx+0x144 000000f0`7268f850 000007fe`f601167e taskmgr!CRUMAPIHelper::SrumThread+0x22a 000000f0`7268f940 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7268f970 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800404a080 Cid 0ca0.0c88 Teb: 000007f770a48000 Win32Thread: fffff901006b9710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c95500 NotificationEvent fffffa8003f37990 SynchronizationEvent fffffa800409e6c0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699025 Ticks: 42103 (0:00:10:56.811) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff88015e22dd0 Current fffff88015e22180 Base fffff88015e23000 Limit fffff88015e1d000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15e221c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e22300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`15e223c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15e22470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15e22980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15e22bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e22c40) 000000f0`7270f448 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`7270f450 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7270f730 000007f7`70e475fd USER32!MsgWaitForMultipleObjectsEx+0x144 000000f0`7270f7e0 000007f7`70dfdf54 taskmgr!WdcUserMonitor::DoUpdates+0x65 000000f0`7270f870 000007fe`f601167e taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7270f8b0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7270f8e0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001de0b00 Cid 0ca0.0c84 Teb: 000007f770a46000 Win32Thread: fffff9010065f010 WAIT: (UserRequest) UserMode Non-Alertable fffffa800372dc50 NotificationEvent fffffa80041961c0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2887 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff88015e29dd0 Current fffff88015e29180 Base fffff88015e2a000 Limit fffff88015e24000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15e291c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e29300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`15e293c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15e29470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15e29980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15e29bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e29c40) 000000f0`7278f348 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`7278f350 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7278f630 000007f7`70e43c03 USER32!MsgWaitForMultipleObjectsEx+0x144 000000f0`7278f6e0 000007f7`70dfdf54 taskmgr!WdcAppHistoryMonitor::DoUpdates+0x3f 000000f0`7278f750 000007fe`f601167e taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7278f790 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7278f7c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80039d3b00 Cid 0ca0.07e4 Teb: 000007f770a44000 Win32Thread: fffff901040e2530 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002067370 SynchronizationEvent fffffa8003f46e10 NotificationEvent fffffa800205cce0 SynchronizationEvent fffffa8003826490 SynchronizationEvent fffffa8003ee0dc0 SynchronizationEvent fffffa80030959b8 NotificationEvent fffffa800362fd18 NotificationEvent IRP List: fffffa800211ac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800198a360: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699048 Ticks: 42080 (0:00:10:56.452) Context Switch Count 40 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff88015e3edd0 Current fffff88015e3e180 Base fffff88015e3f000 Limit fffff88015e39000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`15e3e1c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e3e300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`15e3e3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15e3e470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15e3e980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15e3ebd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e3ec40) 000000f0`7280f588 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`7280f590 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7280f870 000007f7`70e57ed5 KERNEL32!WaitForMultipleObjects+0x12 000000f0`7280f8b0 000007f7`70dfdf54 taskmgr!WdcStartupMonitor::DoUpdates+0x2ad 000000f0`7280fdc0 000007fe`f601167e taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7280fe00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7280fe30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d01200 Cid 0ca0.0a9c Teb: 000007f770a42000 Win32Thread: fffff901040f7b90 WAIT: (WrQueue) UserMode Alertable fffffa8001e75ec0 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15740913 Ticks: 215 (0:00:00:03.354) Context Switch Count 565 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e4cdd0 Current fffff88015e4c760 Base fffff88015e4d000 Limit fffff88015e47000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15e4c7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15e4c8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`15e4c9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15e4ca50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15e4cae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15e4cc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e4cc40) 000000f0`7288f808 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f0`7288f810 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f0`7288fab0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7288fae0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80040036c0 Cid 0ca0.0244 Teb: 000007f770a3c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80021566a0 SynchronizationEvent fffffa8002cd3ce0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15739266 Ticks: 1862 (0:00:00:29.047) Context Switch Count 1896 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcServiceCache::s_InformClientsThread (0x000007f770e07be4) Stack Init fffff88015f10dd0 Current fffff88015f10180 Base fffff88015f11000 Limit fffff88015f0b000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15f101c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15f10300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`15f103c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`15f10470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`15f10980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`15f10bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f10c40) 000000f0`72a2f428 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`72a2f430 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`72a2f710 000007f7`70e07c1b KERNEL32!WaitForMultipleObjects+0x12 000000f0`72a2f750 000007fe`f601167e taskmgr!WdcServiceCache::s_InformClientsThread+0x37 000000f0`72a2f790 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`72a2f7c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002198b00 Cid 0ca0.0aa4 Teb: 000007f770a36000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003798d80 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15715946 Ticks: 25182 (0:00:06:32.841) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160eddd0 Current fffff880160ed760 Base fffff880160ee000 Limit fffff880160e8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`160ed7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`160ed8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`160ed9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`160eda50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`160edae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`160edc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160edc40) 000000f0`77f5f608 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f0`77f5f610 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f0`77f5f8b0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`77f5f8e0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001f3b080 Cid 0ca0.0d2c Teb: 000007f770a4e000 Win32Thread: fffff90103f2ab90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040e0220 SynchronizationEvent fffffa8003da2630 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2113 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcProcessMonitor::HangDetectionThread (0x000007f770e01354) Stack Init fffff88016222dd0 Current fffff88016222180 Base fffff88016223000 Limit fffff8801621d000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`162221c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16222300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`162223c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`16222470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`16222980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`16222bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16222c40) 000000f0`72ddf648 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`72ddf650 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`72ddf930 000007f7`70e01398 KERNEL32!WaitForMultipleObjects+0x12 000000f0`72ddf970 000007fe`f601167e taskmgr!WdcProcessMonitor::HangDetectionThread+0x44 000000f0`72ddf9b0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`72ddf9e0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003bbdb00 Cid 0ca0.0ae8 Teb: 000007f770a3a000 Win32Thread: fffff90103f6e530 WAIT: (WrQueue) UserMode Alertable fffffa8001e75ec0 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 7261 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150c3dd0 Current fffff880150c3760 Base fffff880150c4000 Limit fffff880150be000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`150c37a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150c38e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`150c39a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`150c3a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`150c3ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`150c3c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150c3c40) 000000f0`0010fbd8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f0`0010fbe0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f0`0010fe80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`0010feb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e74b00 Cid 0ca0.0c34 Teb: 000007f770a34000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e58460 SynchronizationTimer Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15740965 Ticks: 163 (0:00:00:02.542) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880173bedd0 Current fffff880173be0f0 Base fffff880173bf000 Limit fffff880173b9000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`173be130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`173be270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`173be330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`173be3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`173be470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`173be980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`173bebd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173bec40) 000000f0`0028f418 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000f0`0028f420 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`0028f700 000007fe`f7b31a03 combase!WaitCoalesced+0x96 000000f0`0028f950 000007fe`f7b32218 combase!CROIDTable::WorkerThreadLoop+0x63 000000f0`0028f9a0 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 000000f0`0028fc10 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 000000f0`0028fc40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`0028fc70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020b5900 Cid 0ca0.0154 Teb: 000007f770a40000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001e75ec0 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15740913 Ticks: 215 (0:00:00:03.354) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e29dd0 Current fffff88014e29760 Base fffff88014e2a000 Limit fffff88014e24000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`14e297a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`14e298e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`14e299a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`14e29a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`14e29ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14e29c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e29c40) 000000f0`0018fc78 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f0`0018fc80 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000f0`0018ff20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000f0`0018ff50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8001e0f740 SessionId: 2 Cid: 0d7c Peb: 7f65412f000 ParentCid: 0c78 DirBase: 0e165000 ObjectTable: fffff8a00055ff00 HandleCount: Image: notepad.exe VadRoot fffffa80038c6d30 Vads 55 Clone 0 Private 228. Modified 4. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a0018dc8c0 ElapsedTime 00:05:13.216 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 191120 QuotaPoolUsage[NonPagedPool] 6912 Working Set Sizes (now,min,max) (1311, 50, 345) (5244KB, 200KB, 1380KB) PeakWorkingSetSize 1311 VirtualSize 93 Mb PeakVirtualSize 97 Mb PageFaultCount 1348 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 315 Job fffffa8003e3ea30 Setting context for this process... .process /p /r fffffa8001e0f740 THREAD fffffa8001ec4b00 Cid 0d7c.0bc4 Teb: 000007f65412d000 Win32Thread: fffff90104165010 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003808f20 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001e0f740 Image: notepad.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2411 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address notepad!WinMainCRTStartup (0x000007f654c35a40) Stack Init fffff88015856dd0 Current fffff880158565f0 Base fffff88015857000 Limit fffff88015851000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`15856630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`15856770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`15856830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`158568c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`15856970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`15856a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`15856a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`15856bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`15856c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15856c40) 00000055`4fdbf918 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000055`4fdbf920 000007f6`54c31064 USER32!GetMessageW+0x25 00000055`4fdbf950 000007f6`54c3133d notepad!WinMain+0x178 00000055`4fdbf9d0 000007fe`f601167e notepad!StringCchLengthW+0x315 00000055`4fdbfa90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`4fdbfac0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8001d54580 SessionId: 0 Cid: 0f98 Peb: 7f76acaa000 ParentCid: 0220 DirBase: 18acb000 ObjectTable: fffff8a0022e3980 HandleCount: Image: msiexec.exe VadRoot fffffa8003b87d70 Vads 148 Clone 0 Private 861. Modified 257. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a002c74930 ElapsedTime 00:03:36.886 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 111448 QuotaPoolUsage[NonPagedPool] 18944 Working Set Sizes (now,min,max) (2268, 50, 345) (9072KB, 200KB, 1380KB) PeakWorkingSetSize 2278 VirtualSize 208 Mb PeakVirtualSize 209 Mb PageFaultCount 2621 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 3725 Setting context for this process... .process /p /r fffffa8001d54580 THREAD fffffa8004165b00 Cid 0f98.0790 Teb: 000007f76acae000 Win32Thread: fffff901006a7570 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f2c290 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727297 Ticks: 13831 (0:00:03:35.764) Context Switch Count 56 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.046 Win32 Start Address msiexec!WinMainCRTStartup (0x000007f76b145308) Stack Init fffff88016559dd0 Current fffff88016559900 Base fffff8801655a000 Limit fffff88016554000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`16559940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16559a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16559b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`16559bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`16559c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16559c40) 00000055`2f8acf78 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000055`2f8acf80 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 00000055`2f8ad020 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 00000055`2f8ad160 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 00000055`2f8ad260 000007f7`6b13b465 sechost!StartServiceCtrlDispatcherW+0x54 00000055`2f8ad2a0 000007f7`6b13a3f5 msiexec!StartServiceW+0x31 00000055`2f8ad2f0 000007f7`6b13b40b msiexec!ServerMain+0x10cd 00000055`2f8afc80 000007f7`6b14525d msiexec!WinMain+0x2f 00000055`2f8afce0 000007fe`f601167e msiexec!GetProcAddress+0x2c7 00000055`2f8afda0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`2f8afdd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002ca9700 Cid 0f98.0f80 Teb: 000007f76acac000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b9ea00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15739266 Ticks: 1862 (0:00:00:29.047) Context Switch Count 589 IdealProcessor: 0 UserTime 00:00:00.156 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016589dd0 Current fffff88016589760 Base fffff8801658a000 Limit fffff88016584000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`165897a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165898e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`165899a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`16589a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`16589ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16589c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16589c40) 00000055`302cf9e8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`302cf9f0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`302cfc90 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`302cfcc0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020ffb00 Cid 0f98.0bc8 Teb: 000007f76aca4000 Win32Thread: fffff90100699b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002d1f5a0 NotificationTimer fffffa800364f950 NotificationEvent fffffa8001e374f0 SynchronizationEvent fffffa80037ce180 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727303 Ticks: 13825 (0:00:03:35.671) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msiexec!ServiceThreadMain (0x000007f76b13b560) Stack Init fffff880165c2dd0 Current fffff880165c2180 Base fffff880165c3000 Limit fffff880165bd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`165c21c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165c2300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`165c23c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`165c2470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`165c2980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`165c2bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165c2c40) 00000055`3044e908 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000055`3044e910 000007fe`f56c303a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000055`3044ebf0 000007f7`6b13bc0e USER32!MsgWaitForMultipleObjects+0x14c 00000055`3044eca0 000007fe`f601167e msiexec!ServiceThreadMain+0x6ae 00000055`3044fa20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`3044fa50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018f13c0 Cid 0f98.0074 Teb: 000007f76ab7e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001dc54d0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727582 Ticks: 13546 (0:00:03:31.318) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880165d8dd0 Current fffff880165d8900 Base fffff880165d9000 Limit fffff880165d3000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`165d8940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165d8a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`165d8b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`165d8bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`165d8c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165d8c40) 00000055`30a4faa8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000055`30a4fab0 000007fe`eefff5ca KERNELBASE!WaitForSingleObjectEx+0x92 00000055`30a4fb50 000007fe`eefff8d1 ESENT!OSSYNC::CSemaphore::_FAcquire+0x102 00000055`30a4fbd0 000007fe`ef04ad45 ESENT!IOMgrIOPatrolDogThread+0x61 00000055`30a4fc60 000007fe`f601167e ESENT!UtilThreadIThreadBase+0x21 00000055`30a4fca0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`30a4fcd0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002e8ab00 Cid 0f98.0f38 Teb: 000007f76ab7c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002f03060 SynchronizationEvent fffffa8002d50810 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727322 Ticks: 13806 (0:00:03:35.374) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880165e6dd0 Current fffff880165e6180 Base fffff880165e7000 Limit fffff880165e1000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`165e61c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165e6300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`165e63c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`165e6470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`165e6980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`165e6bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165e6c40) 00000055`30b2f5e8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000055`30b2f5f0 000007fe`ef0535b6 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000055`30b2f8d0 000007fe`ef04ad45 ESENT!UtilPerfThread+0xc6 00000055`30b2f9e0 000007fe`f601167e ESENT!UtilThreadIThreadBase+0x21 00000055`30b2fa20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`30b2fa50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020915c0 Cid 0f98.0f7c Teb: 000007f76ab78000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800181af80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727325 Ticks: 13803 (0:00:03:35.328) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880165dfdd0 Current fffff880165df760 Base fffff880165e0000 Limit fffff880165da000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`165df7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`165df8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`165df9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`165dfa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`165dfae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`165dfc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165dfc40) 00000055`31fff768 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`31fff770 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`31fffa10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`31fffa40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003bdab00 Cid 0f98.02fc Teb: 000007f76aca8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b9ea00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15739266 Ticks: 1862 (0:00:00:29.047) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015022dd0 Current fffff88015022760 Base fffff88015023000 Limit fffff8801501d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`150227a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150228e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`150229a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15022a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15022ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15022c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15022c40) 00000055`31e0fc18 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000055`31e0fc20 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000055`31e0fec0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000055`31e0fef0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa80033bb940 SessionId: 2 Cid: 0a50 Peb: 7f71da5f000 ParentCid: 0d68 DirBase: 1348e000 ObjectTable: fffff8a00303f300 HandleCount: Image: mspaint.exe VadRoot fffffa8002778510 Vads 382 Clone 0 Private 1917. Modified 4. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a001e5f3d0 ElapsedTime 00:03:23.857 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 246176 QuotaPoolUsage[NonPagedPool] 48832 Working Set Sizes (now,min,max) (4508, 50, 345) (18032KB, 200KB, 1380KB) PeakWorkingSetSize 4593 VirtualSize 129 Mb PeakVirtualSize 133 Mb PageFaultCount 6008 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2145 Setting context for this process... .process /p /r fffffa80033bb940 THREAD fffffa8003e87b00 Cid 0a50.0e50 Teb: 000007f71da5d000 Win32Thread: fffff9010419c7a0 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8002cfe830 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 6061 IdealProcessor: 0 UserTime 00:00:01.154 KernelTime 00:00:00.639 Win32 Start Address mspaint!wWinMainCRTStartup (0x000007f71e33df00) Stack Init fffff88016318dd0 Current fffff880163185f0 Base fffff88016319000 Limit fffff88016313000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`16318630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`16318770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`16318830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`163188c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`16318970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`16318a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`16318a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`16318bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`16318c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16318c40) 00000058`e266f978 000007fe`f56c1ef5 USER32!NtUserGetMessage+0xa 00000058`e266f980 000007fe`ee16625f USER32!GetMessageW+0x25 00000058`e266f9b0 000007fe`ee1660bc MFC42u!CWinThread::PumpMessage+0x1f 00000058`e266f9e0 000007fe`ee16a52d MFC42u!CWinThread::Run+0x6c 00000058`e266fa20 000007f7`1e321470 MFC42u!AfxWinMain+0xad 00000058`e266fa60 000007fe`f601167e mspaint!LDunscale+0x2e6 00000058`e266fb20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000058`e266fb50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80027dfb00 Cid 0a50.0d20 Teb: 000007f71da5b000 Win32Thread: fffff90104195010 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040dcd70 NotificationEvent fffffa8003feb710 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15728106 Ticks: 13022 (0:00:03:23.144) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address gdiplus!DllRefCountSafeThreadThunk (0x000007fef6381b90) Stack Init fffff880170e6dd0 Current fffff880170e6180 Base fffff880170e7000 Limit fffff880170e1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`170e61c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170e6300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`170e63c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`170e6470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`170e6980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`170e6bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170e6c40) 00000058`e42efa28 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000058`e42efa30 000007fe`f56c303a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000058`e42efd10 000007fe`f6381603 USER32!MsgWaitForMultipleObjects+0x14c 00000058`e42efdc0 000007fe`f6381ba8 gdiplus!BackgroundThreadProc+0x63 00000058`e42efe30 000007fe`f601167e gdiplus!DllRefCountSafeThreadThunk+0x18 00000058`e42efe60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000058`e42efe90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80039dab00 Cid 0a50.09a4 Teb: 000007f71da59000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80020b7780 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15737974 Ticks: 3154 (0:00:00:49.202) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170fbdd0 Current fffff880170fb760 Base fffff880170fc000 Limit fffff880170f6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`170fb7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`170fb8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`170fb9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`170fba50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`170fbae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`170fbc40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170fbc40) 00000058`e534f588 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000058`e534f590 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000058`e534f830 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000058`e534f860 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800201e080 Cid 0a50.0384 Teb: 000007f71da55000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003669320 SynchronizationEvent fffffa8001cbd2e0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15739900 Ticks: 1228 (0:00:00:19.156) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017141dd0 Current fffff88017141180 Base fffff88017142000 Limit fffff8801713c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`171411c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17141300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`171413c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17141470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17141980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17141bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17141c40) 00000058`e544f638 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000058`e544f640 000007fe`f7b32333 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000058`e544f920 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x163 00000058`e544fb90 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 00000058`e544fbc0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000058`e544fbf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d30600 Cid 0a50.0020 Teb: 000007f71da53000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001972e90 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15728204 Ticks: 12924 (0:00:03:21.615) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sti!WiaEventReceiver::EventThreadProc (0x000007feec322860) Stack Init fffff880172f9dd0 Current fffff880172f9900 Base fffff880172fa000 Limit fffff880172f4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`172f9940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`172f9a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`172f9b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`172f9bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`172f9c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172f9c40) 00000058`e54dfb68 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000058`e54dfb70 000007fe`ec3228ec KERNELBASE!WaitForSingleObjectEx+0x92 00000058`e54dfc10 000007fe`f601167e sti!WiaEventReceiver::EventThreadProc+0x8c 00000058`e54dfcb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000058`e54dfce0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c25900 Cid 0a50.0b88 Teb: 000007f71da57000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80020b7780 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15737974 Ticks: 3154 (0:00:00:49.202) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150e6dd0 Current fffff880150e6760 Base fffff880150e7000 Limit fffff880150e1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`150e67a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`150e68e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`150e69a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`150e6a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`150e6ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`150e6c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150e6c40) 00000058`e575f548 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000058`e575f550 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000058`e575f7f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000058`e575f820 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa80030a6540 SessionId: 0 Cid: 02e4 Peb: 7f6fad17000 ParentCid: 0220 DirBase: 1708f000 ObjectTable: fffff8a0085c6f00 HandleCount: Image: svchost.exe VadRoot fffffa80036344d0 Vads 71 Clone 0 Private 291. Modified 0. Locked 0. DeviceMap fffff8a002487200 Token fffff8a0022f9060 ElapsedTime 00:03:22.172 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 74592 QuotaPoolUsage[NonPagedPool] 9152 Working Set Sizes (now,min,max) (1365, 50, 345) (5460KB, 200KB, 1380KB) PeakWorkingSetSize 1375 VirtualSize 36 Mb PeakVirtualSize 37 Mb PageFaultCount 1459 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 384 Setting context for this process... .process /p /r fffffa80030a6540 THREAD fffffa80031ffb00 Cid 02e4.00ac Teb: 000007f6fad1e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003835f10 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728189 Ticks: 12939 (0:00:03:21.849) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880171e0dd0 Current fffff880171e0900 Base fffff880171e1000 Limit fffff880171db000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`171e0940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`171e0a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`171e0b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`171e0bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`171e0c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171e0c40) 00000011`4c08f678 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000011`4c08f680 000007fe`f55d5150 KERNELBASE!WaitForSingleObjectEx+0x92 00000011`4c08f720 000007fe`f55d4f3c sechost!ScSendResponseReceiveControls+0x14d 00000011`4c08f860 000007fe`f55d5369 sechost!ScDispatcherLoop+0x11c 00000011`4c08f960 000007f6`fb7a2187 sechost!StartServiceCtrlDispatcherW+0x54 00000011`4c08f9a0 000007f6`fb7a2742 svchost!wmain+0x269 00000011`4c08f9f0 000007fe`f601167e svchost!_wmainCRTStartup+0x74 00000011`4c08fa20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000011`4c08fa50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002064680 Cid 02e4.0ed8 Teb: 000007f6fad1a000 Win32Thread: fffff901006c1710 WAIT: (WrQueue) UserMode Alertable fffffa80033a6d80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728204 Ticks: 12924 (0:00:03:21.615) Context Switch Count 37 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017256dd0 Current fffff88017256760 Base fffff88017257000 Limit fffff88017251000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`172567a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`172568e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`172569a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17256a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17256ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17256c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17256c40) 00000011`4c3af658 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000011`4c3af660 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000011`4c3af900 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000011`4c3af930 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001c38b00 Cid 02e4.0040 Teb: 000007f6fad18000 Win32Thread: fffff901006f8b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d729f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728195 Ticks: 12933 (0:00:03:21.756) Context Switch Count 73 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff8801725ddd0 Current fffff8801725d900 Base fffff8801725e000 Limit fffff88017258000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1725d940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1725da80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`1725db40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`1725dbd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`1725dc40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1725dc40) 00000011`4c42f5c8 000007fe`f4fd10ea ntdll!NtWaitForSingleObject+0xa 00000011`4c42f5d0 000007fe`ee01b2c6 KERNELBASE!WaitForSingleObjectEx+0x92 00000011`4c42f670 000007fe`ee00a83d wiaservc!WiaService::Run+0x116 00000011`4c42f7f0 000007f6`fb7a12f3 wiaservc!ServiceMain+0x275 00000011`4c42f9a0 000007fe`f55d4ac5 svchost!ServiceStarter+0x36e 00000011`4c42faf0 000007fe`f601167e sechost!ScSvcctrlThreadW+0x25 00000011`4c42fb20 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000011`4c42fb50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d5a700 Cid 02e4.03a8 Teb: 000007f6fad15000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c341f0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728188 Ticks: 12940 (0:00:03:21.865) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wiaservc!SchedulerThread (0x000007feee027388) Stack Init fffff88017288dd0 Current fffff880172880f0 Base fffff88017289000 Limit fffff88017283000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`17288130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17288270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`17288330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`172883c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`17288470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17288980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17288bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17288c40) 00000011`4cb8fa88 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000011`4cb8fa90 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000011`4cb8fd70 000007fe`ee0273e5 KERNEL32!WaitForMultipleObjects+0x12 00000011`4cb8fdb0 000007fe`f601167e wiaservc!SchedulerThread+0x5d 00000011`4cb8fdf0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000011`4cb8fe20 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001d17b00 Cid 02e4.0b50 Teb: 000007f6fad13000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040bc950 SynchronizationEvent fffffa8002dd08d0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728190 Ticks: 12938 (0:00:03:21.834) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wiaservc!SCMControlHandler::ControlThread (0x000007feee01de04) Stack Init fffff88017275dd0 Current fffff88017275180 Base fffff88017276000 Limit fffff88017270000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`172751c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17275300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`172753c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17275470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17275980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17275bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17275c40) 00000011`4cc0f7d8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000011`4cc0f7e0 000007fe`f6011292 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000011`4cc0fac0 000007fe`ee01e089 KERNEL32!WaitForMultipleObjects+0x12 00000011`4cc0fb00 000007fe`f601167e wiaservc!SCMControlHandler::ControlThread+0x285 00000011`4cc0fb60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000011`4cc0fb90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80037da740 Cid 02e4.0158 Teb: 000007f6fabea000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80033a6d80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737974 Ticks: 3154 (0:00:00:49.202) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017311dd0 Current fffff88017311760 Base fffff88017312000 Limit fffff8801730c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`173117a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`173118e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`173119a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17311a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17311ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17311c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17311c40) 00000011`4cdcf648 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000011`4cdcf650 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000011`4cdcf8f0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000011`4cdcf920 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8002d6c540 SessionId: 0 Cid: 0e80 Peb: 7f7d3e2e000 ParentCid: 0288 DirBase: 50bb1000 ObjectTable: fffff8a0008fc200 HandleCount: Image: WmiPrvSE.exe VadRoot fffffa80027e5d20 Vads 66 Clone 0 Private 315. Modified 0. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a000856060 ElapsedTime 00:03:18.631 UserTime 00:00:00.046 KernelTime 00:00:00.031 QuotaPoolUsage[PagedPool] 58280 QuotaPoolUsage[NonPagedPool] 10032 Working Set Sizes (now,min,max) (1297, 50, 345) (5188KB, 200KB, 1380KB) PeakWorkingSetSize 1328 VirtualSize 30 Mb PeakVirtualSize 36 Mb PageFaultCount 1482 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 436 Job fffffa8003dc8160 Setting context for this process... .process /p /r fffffa8002d6c540 THREAD fffffa80037dfb00 Cid 0e80.0ccc Teb: 000007f7d3e2c000 Win32Thread: fffff90100659710 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80036474e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728397 Ticks: 12731 (0:00:03:18.604) Context Switch Count 39 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address wmiprvse!WinMainCRTStartup (0x000007f7d478b3fc) Stack Init fffff880173f0dd0 Current fffff880173f05f0 Base fffff880173f1000 Limit fffff880173eb000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`173f0630 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`173f0770 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`173f0830 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`173f08c0 fffff960`00153e07 nt!KeWaitForMultipleObjects+0x2ce fffff880`173f0970 fffff960`00154765 win32k!xxxRealSleepThread+0x2c7 fffff880`173f0a40 fffff960`00152e99 win32k!xxxSleepThread+0xc5 fffff880`173f0a90 fffff960`001545f3 win32k!xxxRealInternalGetMessage+0x629 fffff880`173f0bb0 fffff802`b3b02d53 win32k!NtUserGetMessage+0x83 fffff880`173f0c40 000007fe`f56c1eba nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173f0c40) 000000d7`7063f908 000007fe`f56c1ef5 user32!NtUserGetMessage+0xa 000000d7`7063f910 000007f7`d478254b user32!GetMessageW+0x25 000000d7`7063f940 000007f7`d4782eb2 wmiprvse!Process+0x792 000000d7`7063fb00 000007f7`d4782b6a wmiprvse!WinMain+0x312 000000d7`7063fbf0 000007fe`f601167e wmiprvse!std::length_error::`vector deleting destructor'+0x31d 000000d7`7063fcb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d7`7063fce0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002c9d800 Cid 0e80.083c Teb: 000007f7d3e2a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d9e580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728564 Ticks: 12564 (0:00:03:15.999) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017422dd0 Current fffff88017422760 Base fffff88017423000 Limit fffff8801741d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`174227a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`174228e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`174229a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`17422a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`17422ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17422c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17422c40) 000000d7`7103fb58 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000d7`7103fb60 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000d7`7103fe00 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d7`7103fe30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80041a8840 Cid 0e80.0ce8 Teb: 000007f7d3e28000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001dce240 NotificationEvent fffffa8003fe9850 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728396 Ticks: 12732 (0:00:03:18.620) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address NCObjAPI!CNamedPipeClient::ProviderReadyThreadProc (0x000007feed241470) Stack Init fffff880173d4dd0 Current fffff880173d4180 Base fffff880173d5000 Limit fffff880173cf000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`173d41c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`173d4300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`173d43c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`173d4470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`173d4980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`173d4bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173d4c40) 000000d7`710bfa08 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000d7`710bfa10 000007fe`ed2414ee KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000d7`710bfcf0 000007fe`f601167e NCObjAPI!CNamedPipeClient::ProviderReadyThreadProc+0x7a 000000d7`710bfd60 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d7`710bfd90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b59080 Cid 0e80.04d0 Teb: 000007f7d3e26000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d9e580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15738078 Ticks: 3050 (0:00:00:47.580) Context Switch Count 40 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173f7dd0 Current fffff880173f7760 Base fffff880173f8000 Limit fffff880173f2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`173f77a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`173f78e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`173f79a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`173f7a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`173f7ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`173f7c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173f7c40) 000000d7`7124f9d8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000d7`7124f9e0 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000d7`7124fc80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d7`7124fcb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e03080 Cid 0e80.0c5c Teb: 000007f7d3cfe000 Win32Thread: fffff90100691290 WAIT: (UserRequest) UserMode Alertable fffffa8002db0b20 SynchronizationEvent fffffa8002db0aa0 SynchronizationEvent fffffa8003050aa0 SynchronizationEvent fffffa8003050a20 SynchronizationEvent fffffa800388d290 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15736090 Ticks: 5038 (0:00:01:18.593) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wmiprvse!WmiThread::ThreadProc (0x000007f7d4781850) Stack Init fffff88017414dd0 Current fffff88017414180 Base fffff88017415000 Limit fffff8801740f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`174141c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`17414300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`174143c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`17414470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`17414980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`17414bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17414c40) 000000d7`7136f0a8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 000000d7`7136f0b0 000007fe`f56c2c83 KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000d7`7136f390 000007f7`d47811d9 user32!MsgWaitForMultipleObjectsEx+0x144 000000d7`7136f440 000007f7`d478197a wmiprvse!WmiThread::ThreadWait+0x11c 000000d7`7136f710 000007fe`f601167e wmiprvse!WmiThread::ThreadProc+0x12b 000000d7`7136f7b0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d7`7136f7e0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80040db980 Cid 0e80.0cb0 Teb: 000007f7d3cfa000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d9e580 QueueObject IRP List: fffffa8001d67830: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728564 Ticks: 12564 (0:00:03:15.999) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801744edd0 Current fffff8801744e760 Base fffff8801744f000 Limit fffff88017449000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr Call Site fffff880`1744e7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`1744e8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`1744e9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`1744ea50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`1744eae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1744ec40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1744ec40) 000000d7`7146fc88 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000d7`7146fc90 000007fe`f601167e ntdll!TppWorkerThread+0x275 000000d7`7146ff30 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 000000d7`7146ff60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8004145940 SessionId: 2 Cid: 0814 Peb: 7f6abd6d000 ParentCid: 0288 DirBase: 4cdd6000 ObjectTable: fffff8a006b08680 HandleCount: Image: BackgroundTransferHost.exe VadRoot fffffa8001f792b0 Vads 116 Clone 0 Private 650. Modified 2. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a002dae5d0 ElapsedTime 00:01:17.728 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 221184 QuotaPoolUsage[NonPagedPool] 21392 Working Set Sizes (now,min,max) (2770, 50, 345) (11080KB, 200KB, 1380KB) PeakWorkingSetSize 2893 VirtualSize 101 Mb PeakVirtualSize 103 Mb PageFaultCount 3052 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 781 Job fffffa80033be260 Setting context for this process... .process /p /r fffffa8004145940 THREAD fffffa8001ca1080 Cid 0814.0af4 Teb: 000007f6abd6e000 Win32Thread: fffff901040fcb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036d76d0 NotificationEvent fffffa8003e46770 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740060 Ticks: 1068 (0:00:00:16.660) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address BackgroundTransferHost!wWinMainCRTStartup (0x000007f6acc3299c) Stack Init fffff880175d3dd0 Current fffff880175d3180 Base fffff880175d4000 Limit fffff880175ce000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr Call Site fffff880`175d31c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175d3300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`175d33c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`175d3470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`175d3980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`175d3bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175d3c40) 00000034`c9f9f568 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000034`c9f9f570 000007fe`e8a4caf8 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000034`c9f9f850 000007fe`e8a4c994 twinapi!Event::WaitWithFreeUnusedLibraries+0xb8 00000034`c9f9fac0 000007f6`acc318f9 twinapi!Windows::ApplicationModel::Core::CoreApplicationFactory::RunInternal+0x114 00000034`c9f9fb20 000007f6`acc319bc BackgroundTransferHost!Run+0x16d 00000034`c9f9fb90 000007f6`acc328fa BackgroundTransferHost!wWinMain+0x38 00000034`c9f9fbc0 000007fe`f601167e BackgroundTransferHost!Template_q+0x342 00000034`c9f9fc80 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000034`c9f9fcb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e0f080 Cid 0814.0d1c Teb: 000007f6abd6b000 Win32Thread: fffff901043b1b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002d15e90 SynchronizationEvent fffffa80040141e0 SynchronizationEvent fffffa800385b510 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 131 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880175e9dd0 Current fffff880175e9180 Base fffff880175ea000 Limit fffff880175e4000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr Call Site fffff880`175e91c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175e9300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`175e93c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`175e9470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`175e9980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`175e9bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175e9c40) 00000034`cba8f3e8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000034`cba8f3f0 000007fe`e5a59294 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000034`cba8f6d0 000007fe`e5a58fec Windows_Networking_BackgroundTransfer!BackgroundTransferState::ExecuteTransferCore+0x228 00000034`cba8f7a0 000007fe`e5a58abb Windows_Networking_BackgroundTransfer!BackgroundTransferState::ExecuteTransfer+0x54 00000034`cba8f7e0 000007fe`e5a5ab25 Windows_Networking_BackgroundTransfer!BackgroundTransferState::ProcessOperation+0x1b7 00000034`cba8f830 000007fe`ecb3831a Windows_Networking_BackgroundTransfer!BackgroundTransferTaskImpl::Run+0xd1 00000034`cba8f890 000007fe`e8a44c88 biwinrt!Windows::ApplicationModel::Background::CBackgroundTaskInstance::Run+0x176 [d:\w8rtm\base\background\bi\winrt\impl\actbwii.cpp @ 379] 00000034`cba8f940 000007fe`e8a44b60 twinapi!Windows::ApplicationModel::Core::BackgroundTaskWrapper::Run+0xf8 00000034`cba8f990 000007fe`f7ecd893 twinapi!Windows::ApplicationModel::Core::BackgroundTaskWrapper::ThreadProc+0x34 00000034`cba8f9c0 000007fe`f7ec8842 ntdll!TppWorkpExecuteCallback+0x103 00000034`cba8fb10 000007fe`f601167e ntdll!TppWorkerThread+0x604 00000034`cba8fdb0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000034`cba8fde0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800416d5c0 Cid 0814.0e9c Teb: 000007f6abd69000 Win32Thread: fffff901040d2240 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001e6b710 SynchronizationEvent fffffa8001d344c0 SynchronizationEvent fffffa80033c5210 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 112 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880175f0dd0 Current fffff880175f0180 Base fffff880175f1000 Limit fffff880175eb000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr Call Site fffff880`175f01c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`175f0300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`175f03c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`175f0470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`175f0980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`175f0bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175f0c40) 00000034`cbdef578 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000034`cbdef580 000007fe`e5a59294 KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000034`cbdef860 000007fe`e5a58fec Windows_Networking_BackgroundTransfer!BackgroundTransferState::ExecuteTransferCore+0x228 00000034`cbdef930 000007fe`e5a58abb Windows_Networking_BackgroundTransfer!BackgroundTransferState::ExecuteTransfer+0x54 00000034`cbdef970 000007fe`e5a5ab25 Windows_Networking_BackgroundTransfer!BackgroundTransferState::ProcessOperation+0x1b7 00000034`cbdef9c0 000007fe`ecb3831a Windows_Networking_BackgroundTransfer!BackgroundTransferTaskImpl::Run+0xd1 00000034`cbdefa20 000007fe`e8a44c88 biwinrt!Windows::ApplicationModel::Background::CBackgroundTaskInstance::Run+0x176 [d:\w8rtm\base\background\bi\winrt\impl\actbwii.cpp @ 379] 00000034`cbdefad0 000007fe`e8a44b60 twinapi!Windows::ApplicationModel::Core::BackgroundTaskWrapper::Run+0xf8 00000034`cbdefb20 000007fe`f7ecd893 twinapi!Windows::ApplicationModel::Core::BackgroundTaskWrapper::ThreadProc+0x34 00000034`cbdefb50 000007fe`f7ec8842 ntdll!TppWorkpExecuteCallback+0x103 00000034`cbdefca0 000007fe`f601167e ntdll!TppWorkerThread+0x604 00000034`cbdeff40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000034`cbdeff70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002c8e080 Cid 0814.053c Teb: 000007f6abd67000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001e3b2a0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740060 Ticks: 1068 (0:00:00:16.660) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88000fbfdd0 Current fffff88000fbf0f0 Base fffff88000fc0000 Limit fffff88000fba000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr Call Site fffff880`00fbf130 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00fbf270 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`00fbf330 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`00fbf3c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x2ce fffff880`00fbf470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`00fbf980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`00fbfbd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`00fbfc40) 00000034`cbe6f2e8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000034`cbe6f2f0 000007fe`f7b3196a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000034`cbe6f5d0 000007fe`f7b31a03 combase!WaitCoalesced+0x96 00000034`cbe6f820 000007fe`f7b32218 combase!CROIDTable::WorkerThreadLoop+0x63 00000034`cbe6f870 000007fe`f7b3241f combase!CRpcThread::WorkerLoop+0x48 00000034`cbe6fae0 000007fe`f601167e combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 00000034`cbe6fb10 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000034`cbe6fb40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018b8080 Cid 0814.0368 Teb: 000007f6abd65000 Win32Thread: fffff90104271b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80020af610 SynchronizationEvent fffffa8001cec150 SynchronizationEvent fffffa8001e14af0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 47 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88000fe9dd0 Current fffff88000fe9180 Base fffff88000fea000 Limit fffff88000fe4000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr Call Site fffff880`00fe91c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00fe9300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`00fe93c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`00fe9470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`00fe9980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`00fe9bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`00fe9c40) 00000034`cbeeefb8 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000034`cbeeefc0 000007fe`f56c303a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000034`cbeef2a0 000007fe`e5a5d2de USER32!MsgWaitForMultipleObjects+0x14c 00000034`cbeef350 000007fe`f7ecd893 Windows_Networking_BackgroundTransfer!DataTransfer::WorkCallback+0x23e 00000034`cbeef410 000007fe`f7ec8842 ntdll!TppWorkpExecuteCallback+0x103 00000034`cbeef560 000007fe`f601167e ntdll!TppWorkerThread+0x604 00000034`cbeef800 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000034`cbeef830 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa800200d800 Cid 0814.0d4c Teb: 000007f6abd63000 Win32Thread: fffff9010414f010 WAIT: (WrQueue) UserMode Alertable fffffa80021a6a40 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740060 Ticks: 1068 (0:00:00:16.660) Context Switch Count 358 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880172c3dd0 Current fffff880172c3760 Base fffff880172c4000 Limit fffff880172be000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr Call Site fffff880`172c37a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`172c38e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`172c39a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`172c3a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`172c3ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`172c3c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172c3c40) 00000034`cbf8f5c8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000034`cbf8f5d0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000034`cbf8f870 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000034`cbf8f8a0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80033b8b00 Cid 0814.0850 Teb: 000007f6abc3e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8002d4db30 NotificationEvent IRP List: fffffa80033f6950: (0006,01f0) Flags: 00020070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff88003c61dd0 Current fffff88003c61900 Base fffff88003c62000 Limit fffff88003c5c000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr Call Site fffff880`03c61940 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03c61a80 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`03c61b40 fffff802`b3ec9df6 nt!KeWaitForSingleObject+0x1cf fffff880`03c61bd0 fffff802`b3b02d53 nt!NtWaitForSingleObject+0xb6 fffff880`03c61c40 000007fe`f7ec2c2a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03c61c40) 00000034`cc00f038 000007fe`f4641d19 ntdll!NtWaitForSingleObject+0xa 00000034`cc00f040 000007fe`f46481b2 mswsock!SockWaitForSingleObject+0x139 00000034`cc00f0c0 000007fe`f5b82e8d mswsock!WSPSelect+0x4f5 00000034`cc00f260 000007fe`f59e008b WS2_32!select+0x185 00000034`cc00f350 000007fe`f601167e WININET!ICAsyncThread::SelectThread+0x1fb 00000034`cc00fa40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000034`cc00fa70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80040ee700 Cid 0814.0938 Teb: 000007f6abc3c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001f10500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736494 Ticks: 4634 (0:00:01:12.290) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8800317add0 Current fffff8800317a760 Base fffff8800317b000 Limit fffff88003175000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr Call Site fffff880`0317a7a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`0317a8e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`0317a9a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`0317aa50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`0317aae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`0317ac40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0317ac40) 00000034`ccb6f4d8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000034`ccb6f4e0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000034`ccb6f780 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000034`ccb6f7b0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e22740 Cid 0814.0f3c Teb: 000007f6abc3a000 Win32Thread: fffff901041b5010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001e416f0 SynchronizationEvent fffffa80018d06a0 SynchronizationEvent fffffa8003f53420 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003188dd0 Current fffff88003188180 Base fffff88003189000 Limit fffff88003183000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr Call Site fffff880`031881c0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03188300 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`031883c0 fffff802`b3eca2ac nt!KeWaitForMultipleObjects+0x25d fffff880`03188470 fffff802`b3eca723 nt!ObWaitForMultipleObjects+0x29c fffff880`03188980 fffff802`b3b02d53 nt!NtWaitForMultipleObjects+0xe3 fffff880`03188bd0 000007fe`f7ec319b nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03188c40) 00000034`ccbef658 000007fe`f4fd12c6 ntdll!NtWaitForMultipleObjects+0xa 00000034`ccbef660 000007fe`f56c303a KERNELBASE!WaitForMultipleObjectsEx+0xe5 00000034`ccbef940 000007fe`e5a5d2de USER32!MsgWaitForMultipleObjects+0x14c 00000034`ccbef9f0 000007fe`f7ecd893 Windows_Networking_BackgroundTransfer!DataTransfer::WorkCallback+0x23e 00000034`ccbefab0 000007fe`f7ec8842 ntdll!TppWorkpExecuteCallback+0x103 00000034`ccbefc00 000007fe`f601167e ntdll!TppWorkerThread+0x604 00000034`ccbefea0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000034`ccbefed0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa80038a7080 Cid 0814.08d8 Teb: 000007f6abc38000 Win32Thread: fffff9010430ab90 WAIT: (WrQueue) UserMode Alertable fffffa80021a6a40 QueueObject IRP List: fffffa800266fb20: (0006,03e8) Flags: 00020000 Mdl: 00000000 fffffa800413e810: (0006,03e8) Flags: 00020000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 293 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015991dd0 Current fffff88015991760 Base fffff88015992000 Limit fffff8801598c000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr Call Site fffff880`159917a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`159918e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`159919a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`15991a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`15991ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15991c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15991c40) 00000034`ccc6f6a8 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000034`ccc6f6b0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000034`ccc6f950 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000034`ccc6f980 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003de9080 Cid 0814.0fc0 Teb: 000007f6abc34000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80021a6a40 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736594 Ticks: 4534 (0:00:01:10.730) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003c44dd0 Current fffff88003c44760 Base fffff88003c45000 Limit fffff88003c3f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr Call Site fffff880`03c447a0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03c448e0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`03c449a0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`03c44a50 fffff802`b3b434d5 nt!IoRemoveIoCompletion+0x4c fffff880`03c44ae0 fffff802`b3b02d53 nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03c44c40 000007fe`f7ec46ab nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03c44c40) 00000034`ccd6f998 000007fe`f7ec84b3 ntdll!NtWaitForWorkViaWorkerFactory+0xa 00000034`ccd6f9a0 000007fe`f601167e ntdll!TppWorkerThread+0x275 00000034`ccd6fc40 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000034`ccd6fc70 00000000`00000000 ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001ce6640 Cid 0814.03ec Teb: 000007f6abc32000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8004000ac0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736520 Ticks: 4608 (0:00:01:11.885) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mswsock!SockAsyncThread (0x000007fef4645990) Stack Init fffff88003c0ddd0 Current fffff88003c0d7a0 Base fffff88003c0e000 Limit fffff88003c08000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr Call Site fffff880`03c0d7e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`03c0d920 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`03c0d9e0 fffff802`b3ed0b6c nt!KeRemoveQueueEx+0x26b fffff880`03c0da90 fffff802`b3eafcb5 nt!IoRemoveIoCompletion+0x4c fffff880`03c0db20 fffff802`b3b02d53 nt!NtRemoveIoCompletion+0x135 fffff880`03c0dbd0 000007fe`f7ec2c7a nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03c0dc40) 00000034`ccdefe78 000007fe`f4645a19 ntdll!NtRemoveIoCompletion+0xa 00000034`ccdefe80 000007fe`f601167e mswsock!SockAsyncThread+0x8f 00000034`ccdefee0 000007fe`f7ee3501 KERNEL32!BaseThreadInitThunk+0x1a 00000034`ccdeff10 00000000`00000000 ntdll!RtlUserThreadStart+0x1d .process /p /r 0 0: kd> !process 0 16 **** NT ACTIVE PROCESS DUMP **** PROCESS fffffa800182e480 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000 DirBase: 00187000 ObjectTable: fffff8a000003000 HandleCount: Image: System THREAD fffffa8001818040 Cid 0004.0008 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d542e0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 23943 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:08.502 Win32 Start Address nt!Phase1Initialization (0xfffff802b3f85f70) Stack Init fffff880009a9dd0 Current fffff880009a9970 Base fffff880009aa000 Limit fffff880009a4000 Call 0 Priority 0 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`009a99b0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`009a9af0 fffff802`b3b29c1f : 00000000`00000010 00000000`00000206 00000000`00000000 fffffa80`0179f640 : nt!KiCommitThreadWait+0x23c fffff880`009a9bb0 fffff802`b3b580b7 : fffff802`b3d542e0 fffff6fc`00000008 fffff880`009a9c00 00000000`0004f000 : nt!KeWaitForSingleObject+0x1cf fffff880`009a9c40 fffff802`b3aab535 : 00000000`00000001 00000000`00000000 fffff880`00879000 00000000`00000001 : nt!MmZeroPageThread+0x2d0 fffff880`009a9d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`01818040 fffff802`b3dd9880 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`009a9da0 00000000`00000000 : fffff880`009aa000 fffff880`009a4000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800184e380 Cid 0004.000c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d1ff20 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 38 Ticks: 15741090 (2:20:12:42.577) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!PopIrpWorkerControl (0xfffff802b3bc4b30) Stack Init fffff880009d0dd0 Current fffff880009d0a40 Base fffff880009d1000 Limit fffff880009cb000 Call 0 Priority 15 BasePriority 13 UnusualBoost 2 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`009d0a80 fffff802`b3b2d99c : 24ff3062`00000001 00000000`00000000 0720b3e2`00000001 aee301c0`00fc811f : nt!KiSwapContext+0x76 fffff880`009d0bc0 fffff802`b3b29c1f : e0fe19c3`b5603201 b13f5743`03b20000 00000000`00000000 a800f02f`c10db00f : nt!KiCommitThreadWait+0x23c fffff880`009d0c80 fffff802`b3bc4b60 : fffff802`b3d1ff20 c1030007`00000000 a0010004`e0032b00 380da100`5e003900 : nt!KeWaitForSingleObject+0x1cf fffff880`009d0d10 fffff802`b3aab535 : fffffa80`0184e380 00000000`00000080 0f7604d8`07022104 3100b00e`00350450 : nt!PopIrpWorkerControl+0x30 fffff880`009d0d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`0184e380 fffffa80`017f4040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`009d0da0 00000000`00000000 : fffff880`009d1000 fffff880`009cb000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80017f4040 Cid 0004.0010 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d20520 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739995 Ticks: 1133 (0:00:00:17.674) Context Switch Count 535 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!PopIrpWorker (0xfffff802b3ba46d8) Stack Init fffff880009d7dd0 Current fffff880009d79d0 Base fffff880009d8000 Limit fffff880009d2000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`009d7a10 fffff802`b3b2d99c : fffffa80`031f1060 00000000`00000000 fffffa80`031f11b0 fffffa80`0396cae8 : nt!KiSwapContext+0x76 fffff880`009d7b50 fffff802`b3b29c1f : fffffa80`0325b1b0 00000000`00000020 00000000`00000000 fffff880`0453038f : nt!KiCommitThreadWait+0x23c fffff880`009d7c10 fffff802`b3ba4818 : fffff802`b3d20520 fffffa80`00000000 fffffa80`0325b000 fffffa80`0406a600 : nt!KeWaitForSingleObject+0x1cf fffff880`009d7ca0 fffff802`b3aab535 : 0300f403`007301f2 fffffa80`017f4040 00000000`00000000 fffffa80`0183a940 : nt!PopIrpWorker+0x140 fffff880`009d7d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`017f4040 fffffa80`0183a940 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`009d7da0 00000000`00000000 : fffff880`009d8000 fffff880`009d2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800183a940 Cid 0004.0014 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d20520 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740171 Ticks: 957 (0:00:00:14.929) Context Switch Count 119 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!PopIrpWorker (0xfffff802b3ba46d8) Stack Init fffff880009dedd0 Current fffff880009de9d0 Base fffff880009df000 Limit fffff880009d9000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`009dea10 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffffa80`00000000 fffffa80`0396caa0 : nt!KiSwapContext+0x76 fffff880`009deb50 fffff802`b3b29c1f : fffffa80`0325b1b0 00000000`00000020 00000000`00000000 fffff880`0453038f : nt!KiCommitThreadWait+0x23c fffff880`009dec10 fffff802`b3ba4818 : fffff802`b3d20520 fffffa80`00000000 fffffa80`0325b000 fffffa80`0362b000 : nt!KeWaitForSingleObject+0x1cf fffff880`009deca0 fffff802`b3aab535 : 16880317`80011590 fffffa80`0183a940 00000000`00000000 fffffa80`018094c0 : nt!PopIrpWorker+0x140 fffff880`009ded50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`0183a940 fffffa80`018094c0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`009deda0 00000000`00000000 : fffff880`009df000 fffff880`009d9000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80018094c0 Cid 0004.0018 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffffa8001835788 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15679017 Ticks: 62111 (0:00:16:08.937) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!PopFxEmergencyWorker (0xfffff802b3bb507c) Stack Init fffff880009e5dd0 Current fffff880009e5a20 Base fffff880009e6000 Limit fffff880009e0000 Call 0 Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`009e5a60 fffff802`b3b2d99c : 00000000`54fb825d 00000000`00000000 00000000`00000000 fffffa80`02ed3510 : nt!KiSwapContext+0x76 fffff880`009e5ba0 fffff802`b3b38ddb : fffffa80`02ed3510 00000000`00000001 00000000`00000000 fffff802`b3bb507c : nt!KiCommitThreadWait+0x23c fffff880`009e5c60 fffff802`b3bb50b9 : fffffa80`01835788 fffffa80`01835700 00000000`00000000 fffffa80`01835700 : nt!KeRemoveQueueEx+0x26b fffff880`009e5d10 fffff802`b3aab535 : af0baf00`05c00cbf fffffa80`02ed36f8 3ee11a83`197f0baf 0fe2010f`0d700871 : nt!PopFxEmergencyWorker+0x3e fffff880`009e5d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`018094c0 fffff880`009f1dc0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`009e5da0 00000000`00000000 : fffff880`009e6000 fffff880`009e0000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001823980 Cid 0004.001c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88000faace0 SynchronizationTimer fffff802b3d0d2f0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15718535 Ticks: 22593 (0:00:05:52.453) Context Switch Count 67 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address nt!ExpWorkerThreadBalanceManager (0xfffff802b3e1bfe8) Stack Init fffff88000faadd0 Current fffff88000faa9a0 Base fffff88000fab000 Limit fffff88000fa5000 Call 0 Priority 15 BasePriority 12 UnusualBoost 3 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`00faa9e0 fffff802`b3b2d99c : fffff880`009e6180 00000000`00000000 fffff880`009e6180 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`00faab20 fffff802`b3b293cd : 00000000`0000000d 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`00faabe0 fffff802`b3e1c0b5 : fffff802`00000002 fffff880`00faacd0 00000000`00000001 fffff802`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`00faac90 fffff802`b3aab535 : fffffa80`01823980 00000000`00000080 00000000`00000000 ffff0f00`00000000 : nt!ExpWorkerThreadBalanceManager+0xcd fffff880`00faad50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`01823980 fffff880`009f1dc0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`00faada0 00000000`00000000 : fffff880`00fab000 fffff880`00fa5000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001806a80 Cid 0004.002c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015) Context Switch Count 20016 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.780 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88000fc6dd0 Current fffff88000fc69d0 Base fffff88000fc7000 Limit fffff88000fc1000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`00fc6a10 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`02e292b8 00000000`00000002 : nt!KiSwapContext+0x76 fffff880`00fc6b50 fffff802`b3b38ddb : fffffa80`02e292b8 fffff880`049ebc35 00000000`00000000 fffff880`01c6f232 : nt!KiCommitThreadWait+0x23c fffff880`00fc6c10 fffff802`b3b3c543 : fffff802`b3d0d0c0 fffff880`01c6ef00 fffffa80`02e29900 fffff802`b3d0d000 : nt!KeRemoveQueueEx+0x26b fffff880`00fc6cc0 fffff802`b3aab535 : f00100c0`03f00000 00000000`00000080 fffff802`b3b3c450 fffffa80`01806a80 : nt!ExpWorkerThread+0xf4 fffff880`00fc6d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`01806a80 fffffa80`01823980 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`00fc6da0 00000000`00000000 : fffff880`00fc7000 fffff880`00fc1000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001806400 Cid 0004.0030 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740018 Ticks: 1110 (0:00:00:17.316) Context Switch Count 30328 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:01.279 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88000fcddd0 Current fffff88000fcd9d0 Base fffff88000fce000 Limit fffff88000fc8000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`00fcda10 fffff802`b3b2d99c : c000000d`00000000 00000000`00000000 fffff880`00fcdbb0 fffff880`048f2fb2 : nt!KiSwapContext+0x76 fffff880`00fcdb50 fffff802`b3b38ddb : fffffa80`02f31000 fffff880`049ebc35 00000000`00000000 fffffa80`02e29050 : nt!KiCommitThreadWait+0x23c fffff880`00fcdc10 fffff802`b3b3c543 : fffff802`b3d0d0c0 fffffa80`01806400 fffff802`b3aef300 fffff802`b3d0d000 : nt!KeRemoveQueueEx+0x26b fffff880`00fcdcc0 fffff802`b3aab535 : 7e000000`7e000000 00000000`00000080 fffff802`b3b3c450 fffffa80`01806400 : nt!ExpWorkerThread+0xf4 fffff880`00fcdd50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`01806400 fffffa80`01818040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`00fcdda0 00000000`00000000 : fffff880`00fce000 fffff880`00fc8000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80018457c0 Cid 0004.004c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable fffff802b3d84180 Gate Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740322 Ticks: 806 (0:00:00:12.573) Context Switch Count 134 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!KiExecuteDpc (0xfffff802b3ae55d4) Stack Init fffff88000ffedd0 Current fffff88000ffe950 Base fffff88000fff000 Limit fffff88000ff9000 Call 0 Priority 31 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`00ffe990 fffff802`b3b2d99c : ab401ff4`00000000 00000000`00000000 00401802`00000000 fffff802`b3ae56ac : nt!KiSwapContext+0x76 fffff880`00ffead0 fffff802`b3ae4d5b : fffff802`b3d7f180 00000000`00000000 00000000`00000005 fffffa80`018457c0 : nt!KiCommitThreadWait+0x23c fffff880`00ffeb90 fffff802`b3ae567a : fffff802`b3d7f180 00000000`00000001 fffff802`b3d7f180 fffffa80`018457c0 : nt!KeWaitForGate+0x10f fffff880`00ffebe0 fffff802`b3aab535 : ab401ff4`55a00ffa fffffa80`018457c0 00000000`00000080 d007fd2a`6803fe95 : nt!KiExecuteDpc+0xa6 fffff880`00ffed50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`018457c0 fffffa80`01829040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`00ffeda0 00000000`00000000 : fffff880`00fff000 fffff880`00ff9000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800181c040 Cid 0004.0054 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable fffff880009eb180 Gate Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740322 Ticks: 806 (0:00:00:12.573) Context Switch Count 135 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!KiExecuteDpc (0xfffff802b3ae55d4) Stack Init fffff88002f0fdd0 Current fffff88002f0f950 Base fffff88002f10000 Limit fffff88002f0a000 Call 0 Priority 31 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f0f990 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00401802`00000001 fffff802`b3ae56ac : nt!KiSwapContext+0x76 fffff880`02f0fad0 fffff802`b3ae4d5b : fffff802`b3dd9880 00000000`00000000 00000000`00000005 fffffa80`0181c040 : nt!KiCommitThreadWait+0x23c fffff880`02f0fb90 fffff802`b3ae567a : fffff880`009e6180 00000000`00000001 fffff880`009e6180 fffffa80`0181c040 : nt!KeWaitForGate+0x10f fffff880`02f0fbe0 fffff802`b3aab535 : 00000000`00000000 fffffa80`0181c040 00000000`00000080 00000000`00000000 : nt!KiExecuteDpc+0xa6 fffff880`02f0fd50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`0181c040 fffffa80`01837b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f0fda0 00000000`00000000 : fffff880`02f10000 fffff880`02f0a000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001802b00 Cid 0004.0060 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrVirtualMemory) UserMode Non-Alertable fffff802b3d53f80 NotificationEvent fffff802b3d540c0 Semaphore Limit 0x7fffffff fffff802b3d53f40 NotificationEvent fffff802b3d54020 NotificationEvent fffff802b3d527a0 NotificationEvent fffff802b3d527c0 SynchronizationEvent fffff802b3d53ee0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736321 Ticks: 4807 (0:00:01:14.989) Context Switch Count 1760 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.093 Win32 Start Address nt!MiDereferenceSegmentThread (0xfffff802b3ac194c) Stack Init fffff88002f24dd0 Current fffff88002f249d0 Base fffff88002f25000 Limit fffff88002f1f000 Call 0 Priority 19 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f24a10 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 fffff802`b3af9a29 : nt!KiSwapContext+0x76 fffff880`02f24b50 fffff802`b3b293cd : fffff802`b3d527a0 fffffa80`041c5918 00000000`00000000 fffff802`b3ba5b3d : nt!KiCommitThreadWait+0x23c fffff880`02f24c10 fffff802`b3ac1a0d : 00000000`00000007 fffff880`02f24d00 00000000`00000000 fffff802`00000012 : nt!KeWaitForMultipleObjects+0x25d fffff880`02f24cc0 fffff802`b3aab535 : fffffa80`01802b00 00000000`00000080 00000000`00000000 fffff802`b3ac194c : nt!MiDereferenceSegmentThread+0xc1 fffff880`02f24d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`01802b00 fffff802`b3dd9880 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f24da0 00000000`00000000 : fffff880`02f25000 fffff880`02f1f000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80018177c0 Cid 0004.0064 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d276a0 Gate Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15732487 Ticks: 8641 (0:00:02:14.800) Context Switch Count 866 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.093 Win32 Start Address nt!MiModifiedPageWriter (0xfffff802b3baa478) Stack Init fffff88002f2bdd0 Current fffff88002f2ba40 Base fffff88002f2c000 Limit fffff88002f26000 Call 0 Priority 18 BasePriority 18 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f2ba80 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`02f2bbc0 fffff802`b3ae4d5b : 00000000`00000012 00000000`00000000 00000000`00000008 fffff802`b3ba9572 : nt!KiCommitThreadWait+0x23c fffff880`02f2bc80 fffff802`b3baa4ee : fffffa80`018177c0 fffff802`b3d276c0 fffff802`b3d276e0 d007fd2a`00000013 : nt!KeWaitForGate+0x10f fffff880`02f2bcd0 fffff802`b3aab535 : fffffa80`018177c0 ad007fd2`56803fe9 00000000`00000080 00000000`00000000 : nt!MiModifiedPageWriter+0x76 fffff880`02f2bd50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`018177c0 fffff802`b3dd9880 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f2bda0 00000000`00000000 : fffff880`02f2c000 fffff880`02f26000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001833040 Cid 0004.0068 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d5ad80 SynchronizationEvent fffff802b3d52f60 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741071 Ticks: 57 (0:00:00:00.889) Context Switch Count 3280 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.156 Win32 Start Address nt!KeBalanceSetManager (0xfffff802b3b36620) Stack Init fffff88002f32dd0 Current fffff88002f329f0 Base fffff88002f33000 Limit fffff88002f2d000 Call 0 Priority 17 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f32a30 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`0007a401 : nt!KiSwapContext+0x76 fffff880`02f32b70 fffff802`b3b293cd : 00000000`00000000 fffffa80`01da2380 00000000`00000000 fffff802`b3d0d110 : nt!KiCommitThreadWait+0x23c fffff880`02f32c30 fffff802`b3b366c7 : 00000000`00000002 fffff880`02f32d20 00000000`00000008 00000000`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`02f32ce0 fffff802`b3aab535 : fffffa80`01833040 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeBalanceSetManager+0xa7 fffff880`02f32d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`01833040 fffffa80`01823040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f32da0 00000000`00000000 : fffff880`02f33000 fffff880`02f2d000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001823040 Cid 0004.006c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d53aa0 SynchronizationEvent fffff802b3d53ab8 SynchronizationEvent fffff802b3d53ad0 SynchronizationEvent fffff802b3d53ae8 SynchronizationEvent fffff802b3d53b00 SynchronizationEvent fffff802b3d53b18 SynchronizationEvent fffff802b3d53b30 SynchronizationEvent fffff802b3d53b48 SynchronizationEvent fffff802b3d53b60 SynchronizationEvent fffff802b3d53b78 SynchronizationEvent fffff802b3d53b90 SynchronizationEvent fffff802b3d53ba8 SynchronizationEvent fffff802b3d53bc0 SynchronizationEvent fffff802b3d53bd8 SynchronizationEvent fffff802b3d53bf0 SynchronizationEvent fffff802b3d53c08 SynchronizationEvent fffff802b3d53c20 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741060 Ticks: 68 (0:00:00:01.060) Context Switch Count 16742 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!MiMappedPageWriter (0xfffff802b3b6f140) Stack Init fffff88002f39dd0 Current fffff88002f39970 Base fffff88002f3a000 Limit fffff88002f34000 Call 0 Priority 18 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f399b0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`02f39af0 fffff802`b3b293cd : 00000000`00000000 fffff802`b3b6ea27 00000000`00000000 00000000`00001000 : nt!KiCommitThreadWait+0x23c fffff880`02f39bb0 fffff802`b3b6f1f1 : fffffa80`00000011 fffff880`02f39ca0 fffffa80`03bb2ee0 fffffa80`00000008 : nt!KeWaitForMultipleObjects+0x25d fffff880`02f39c60 fffff802`b3aab535 : fffffa80`01823040 00000000`00000080 00000000`00000000 d007fd2a`6803fe95 : nt!MiMappedPageWriter+0xb1 fffff880`02f39d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`01823040 fffffa80`018177c0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f39da0 00000000`00000000 : fffff880`02f3a000 fffff880`02f34000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001810b00 Cid 0004.0070 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d5ad40 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741071 Ticks: 57 (0:00:00:00.889) Context Switch Count 9193 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address nt!KeSwapProcessOrStack (0xfffff802b3aec50c) Stack Init fffff88002f40dd0 Current fffff88002f40a20 Base fffff88002f41000 Limit fffff88002f3b000 Call 0 Priority 23 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f40a60 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000001 fffff802`b3bbdb0c : nt!KiSwapContext+0x76 fffff880`02f40ba0 fffff802`b3b29c1f : 00000003`00000000 00000000`000a2401 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`02f40c60 fffff802`b3aec549 : fffff802`b3d5ad40 00000000`00000000 00000000`00000000 fffffa80`039f7000 : nt!KeWaitForSingleObject+0x1cf fffff880`02f40cf0 fffff802`b3aab535 : fffffa80`01810b00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSwapProcessOrStack+0x3d fffff880`02f40d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`01810b00 fffffa80`01833040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f40da0 00000000`00000000 : fffff880`02f41000 fffff880`02f3b000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001803040 Cid 0004.007c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d6fd60 SynchronizationEvent fffff802b3d6fd80 SynchronizationEvent fffff802b3d6fda0 SynchronizationEvent fffff802b3d6fdc0 SynchronizationEvent fffff802b3d6fde0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741056 Ticks: 72 (0:00:00:01.123) Context Switch Count 1706 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!CcQueueLazyWriteScanThread (0xfffff802b3b893d8) Stack Init fffff88002f55dd0 Current fffff88002f559e0 Base fffff88002f56000 Limit fffff88002f50000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f55a20 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`02f55b60 fffff802`b3b293cd : fffff802`b3d0d0c0 00000000`00000000 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`02f55c20 fffff802`b3b89467 : 00000000`00000005 fffff880`02f55d10 00000000`00000004 fffffa80`00000008 : nt!KeWaitForMultipleObjects+0x25d fffff880`02f55cd0 fffff802`b3aab535 : fffffa80`01803040 00000000`00000000 fffffa80`01801b00 fffff802`b3b893d8 : nt!CcQueueLazyWriteScanThread+0x8f fffff880`02f55d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`01803040 fffffa80`01801b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f55da0 00000000`00000000 : fffff880`02f56000 fffff880`02f50000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001800040 Cid 0004.0080 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d6e020 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 46 Ticks: 15741082 (2:20:12:42.453) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!FsRtlWorkerThread (0xfffff802b3bc4778) Stack Init fffff88002f61dd0 Current fffff88002f61a20 Base fffff88002f62000 Limit fffff88002f5c000 Call 0 Priority 16 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f61a60 fffff802`b3b2d99c : 00200065`00720065 00000000`00000000 006e0069`0020006e 0069006c`00000001 : nt!KiSwapContext+0x76 fffff880`02f61ba0 fffff802`b3b38ddb : fffff802`b3d6e020 fffff802`b3d7f180 00000000`00000000 fffffa80`01838be0 : nt!KiCommitThreadWait+0x23c fffff880`02f61c60 fffff802`b3bc47c5 : fffff802`b3d6e020 fffffa80`01800000 00000000`00000000 00000000`00000000 : nt!KeRemoveQueueEx+0x26b fffff880`02f61d10 fffff802`b3aab535 : fffffa80`01838ba0 fffffa80`01800040 00740020`0072006f 00200073`00690068 : nt!FsRtlWorkerThread+0x4d fffff880`02f61d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`01800040 fffffa80`01829040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f61da0 00000000`00000000 : fffff880`02f62000 fffff880`02f5c000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800182b800 Cid 0004.0084 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d6e060 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 46 Ticks: 15741082 (2:20:12:42.453) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!FsRtlWorkerThread (0xfffff802b3bc4778) Stack Init fffff88002f68dd0 Current fffff88002f68a20 Base fffff88002f69000 Limit fffff88002f63000 Call 0 Priority 17 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f68a60 fffff802`b3b2d99c : c0330200`00000000 00000000`00000000 8b575608`5d8b53ec ff056a00`00000001 : nt!KiSwapContext+0x76 fffff880`02f68ba0 fffff802`b3b38ddb : fffff802`b3d6e060 fffff802`b3d7f180 00000000`00000000 fffffa80`0180c050 : nt!KiCommitThreadWait+0x23c fffff880`02f68c60 fffff802`b3bc47c5 : fffff802`b3d6e060 fffffa80`0182b800 00000000`00000000 00000000`00000000 : nt!KeRemoveQueueEx+0x26b fffff880`02f68d10 fffff802`b3aab535 : fffffa80`0180c010 fffffa80`0182b800 000380b3`39107589 00aae9c0`33077200 : nt!FsRtlWorkerThread+0x4d fffff880`02f68d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`0182b800 fffffa80`01835b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f68da0 00000000`00000000 : fffff880`02f69000 fffff880`02f63000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001825b00 Cid 0004.0088 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001807230 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 65 Ticks: 15741063 (2:20:12:42.156) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002f8fdd0 Current fffff88002f8f950 Base fffff88002f90000 Limit fffff88002f8a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f8f990 fffff802`b3b2d99c : fffff880`009e6180 00000000`00000000 fffff802`b3d7f180 fffff880`009e6180 : nt!KiSwapContext+0x76 fffff880`02f8fad0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 fffff802`b3d0d000 : nt!KiCommitThreadWait+0x23c fffff880`02f8fb90 fffff802`b3b2943e : fffffa80`01807230 00000000`00000000 fffffa80`01807200 fffff880`009e6100 : nt!KeWaitForSingleObject+0x1cf fffff880`02f8fc20 fffff802`b3e540f2 : 00000000`00000001 fffff880`02f8fd10 fffffa80`01807040 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x2ce fffff880`02f8fcd0 fffff802`b3aab535 : fffffa80`01825b00 00000000`00000080 fffffa80`01807040 00000000`00000000 : nt!EtwpLogger+0xb2 fffff880`02f8fd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`01825b00 fffffa80`01818040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f8fda0 00000000`00000000 : fffff880`02f90000 fffff880`02f8a000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800183a040 Cid 0004.008c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001818e30 SynchronizationEvent fffffa8001818e48 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739548 Ticks: 1580 (0:00:00:24.648) Context Switch Count 403 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002f96dd0 Current fffff88002f969e0 Base fffff88002f97000 Limit fffff88002f91000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f96a20 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`02f96b60 fffff802`b3b293cd : 00000000`00000010 00000000`00000082 00000000`00000000 fffffa80`01818c40 : nt!KiCommitThreadWait+0x23c fffff880`02f96c20 fffff802`b3e540f2 : fffffa80`00000002 fffff880`02f96d10 fffffa80`01818c40 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`02f96cd0 fffff802`b3aab535 : fffffa80`0183a040 00000000`00000080 fffffa80`01818c40 00000000`00000000 : nt!EtwpLogger+0xb2 fffff880`02f96d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`0183a040 fffffa80`01818040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f96da0 00000000`00000000 : fffff880`02f97000 fffff880`02f91000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001839b00 Cid 0004.0090 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001802230 SynchronizationEvent fffffa8001802248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15737922 Ticks: 3206 (0:00:00:50.013) Context Switch Count 207 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002f9ddd0 Current fffff88002f9d9e0 Base fffff88002f9e000 Limit fffff88002f98000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f9da20 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`02f9db60 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 fffff802`b3e54422 : nt!KiCommitThreadWait+0x23c fffff880`02f9dc20 fffff802`b3e540f2 : fffffa80`00000002 fffff880`02f9dd10 fffffa80`01802040 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`02f9dcd0 fffff802`b3aab535 : fffffa80`01839b00 00000000`00000080 fffffa80`01802040 00000000`00000000 : nt!EtwpLogger+0xb2 fffff880`02f9dd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`01839b00 fffffa80`01801b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f9dda0 00000000`00000000 : fffff880`02f9e000 fffff880`02f98000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001903b00 Cid 0004.0094 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001903230 SynchronizationEvent fffffa8001903248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15727283 Ticks: 13845 (0:00:03:35.983) Context Switch Count 60 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002fa4dd0 Current fffff88002fa49e0 Base fffff88002fa5000 Limit fffff88002f9f000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02fa4a20 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`02fa4b60 fffff802`b3b293cd : 00000000`00000001 00000000`00000000 00000000`00000000 fffff802`b3e54422 : nt!KiCommitThreadWait+0x23c fffff880`02fa4c20 fffff802`b3e540f2 : fffffa80`00000002 fffff880`02fa4d10 fffffa80`01903040 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`02fa4cd0 fffff802`b3aab535 : fffffa80`01903b00 00000000`00000080 fffffa80`01903040 00000000`00000000 : nt!EtwpLogger+0xb2 fffff880`02fa4d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`01903b00 fffffa80`01818040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02fa4da0 00000000`00000000 : fffff880`02fa5000 fffff880`02f9f000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001902040 Cid 0004.0098 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80019038f0 SynchronizationEvent fffffa8001903908 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739331 Ticks: 1797 (0:00:00:28.033) Context Switch Count 119 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002fabdd0 Current fffff88002fab9e0 Base fffff88002fac000 Limit fffff88002fa6000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02faba20 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`02fabb60 fffff802`b3b293cd : 00000000`00000000 fffff802`b3afa19e 00000000`00000000 fffff880`009e6100 : nt!KiCommitThreadWait+0x23c fffff880`02fabc20 fffff802`b3e540f2 : fffffa80`00000002 fffff880`02fabd10 fffffa80`01903700 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`02fabcd0 fffff802`b3aab535 : fffffa80`01902040 00000000`00000080 fffffa80`01903700 00000000`00000000 : nt!EtwpLogger+0xb2 fffff880`02fabd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`01902040 fffffa80`01801b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02fabda0 00000000`00000000 : fffff880`02fac000 fffff880`02fa6000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800196fb00 Cid 0004.00a4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001970230 SynchronizationEvent fffffa8001970248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736073 Ticks: 5055 (0:00:01:18.858) Context Switch Count 506 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002fc0dd0 Current fffff88002fc09e0 Base fffff88002fc1000 Limit fffff88002fbb000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02fc0a20 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`00000000 fffff802`b3cf8504 : nt!KiSwapContext+0x76 fffff880`02fc0b60 fffff802`b3b293cd : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000800 : nt!KiCommitThreadWait+0x23c fffff880`02fc0c20 fffff802`b3e540f2 : fffffa80`00000002 fffff880`02fc0d10 fffffa80`01970040 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`02fc0cd0 fffff802`b3aab535 : fffffa80`0196fb00 00000000`00000080 fffffa80`01970040 000653e8`fffffdc4 : nt!EtwpLogger+0xb2 fffff880`02fc0d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`0196fb00 fffffa80`01818040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02fc0da0 00000000`00000000 : fffff880`02fc1000 fffff880`02fbb000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800196d040 Cid 0004.00a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800196e4b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15712882 Ticks: 28246 (0:00:07:20.640) Context Switch Count 130 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002fc7dd0 Current fffff88002fc7950 Base fffff88002fc8000 Limit fffff88002fc2000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02fc7990 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000001 fffffa80`02028000 : nt!KiSwapContext+0x76 fffff880`02fc7ad0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 fffff802`b3d0d000 : nt!KiCommitThreadWait+0x23c fffff880`02fc7b90 fffff802`b3b2943e : fffffa80`0196e4b0 fffffa80`00000000 fffffa80`0196e400 fffff880`009e6100 : nt!KeWaitForSingleObject+0x1cf fffff880`02fc7c20 fffff802`b3e540f2 : fffffa80`00000001 fffff880`02fc7d10 fffff880`02fc7b90 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x2ce fffff880`02fc7cd0 fffff802`b3aab535 : fffffa80`0196d040 00000000`00000080 fffffa80`0196e2c0 00000000`00000000 : nt!EtwpLogger+0xb2 fffff880`02fc7d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`0196d040 fffffa80`01801b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02fc7da0 00000000`00000000 : fffff880`02fc8000 fffff880`02fc2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001810040 Cid 0004.00b0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d5fec0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0) Stack Init fffff88002fd5dd0 Current fffff88002fd5a20 Base fffff88002fd6000 Limit fffff88002fd0000 Call 0 Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02fd5a60 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KiSwapContext+0x76 fffff880`02fd5ba0 fffff802`b3b38ddb : fffff802`b3d5fec0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`02fd5c60 fffff802`b3bc49ea : fffff802`b3d5fec0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeRemoveQueueEx+0x26b fffff880`02fd5d10 fffff802`b3aab535 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopPassiveInterruptRealtimeWorker+0x2b fffff880`02fd5d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`01810040 fffffa80`017ff800 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02fd5da0 00000000`00000000 : fffff880`02fd6000 fffff880`02fd0000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80017ff800 Cid 0004.00b4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d5fec0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0) Stack Init fffff88002fdcdd0 Current fffff88002fdca20 Base fffff88002fdd000 Limit fffff88002fd7000 Call 0 Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02fdca60 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KiSwapContext+0x76 fffff880`02fdcba0 fffff802`b3b38ddb : fffff802`b3d5fec0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`02fdcc60 fffff802`b3bc49ea : fffff802`b3d5fec0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeRemoveQueueEx+0x26b fffff880`02fdcd10 fffff802`b3aab535 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopPassiveInterruptRealtimeWorker+0x2b fffff880`02fdcd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`017ff800 fffffa80`01801b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02fdcda0 00000000`00000000 : fffff880`02fdd000 fffff880`02fd7000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80017fe040 Cid 0004.00b8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d5fec0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0) Stack Init fffff88002fe3dd0 Current fffff88002fe3a20 Base fffff88002fe4000 Limit fffff88002fde000 Call 0 Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02fe3a60 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`02fe3ba0 fffff802`b3b38ddb : fffff802`b3d5fec0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`02fe3c60 fffff802`b3bc49ea : fffff802`b3d5fec0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeRemoveQueueEx+0x26b fffff880`02fe3d10 fffff802`b3aab535 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopPassiveInterruptRealtimeWorker+0x2b fffff880`02fe3d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`017fe040 fffffa80`017feb00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02fe3da0 00000000`00000000 : fffff880`02fe4000 fffff880`02fde000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80017feb00 Cid 0004.00bc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d5fec0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0) Stack Init fffff88002feadd0 Current fffff88002feaa20 Base fffff88002feb000 Limit fffff88002fe5000 Call 0 Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02feaa60 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000008 : nt!KiSwapContext+0x76 fffff880`02feaba0 fffff802`b3b38ddb : fffff802`b3d5fec0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`02feac60 fffff802`b3bc49ea : fffff802`b3d5fec0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeRemoveQueueEx+0x26b fffff880`02fead10 fffff802`b3aab535 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopPassiveInterruptRealtimeWorker+0x2b fffff880`02fead50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`017feb00 fffffa80`017ff040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02feada0 00000000`00000000 : fffff880`02feb000 fffff880`02fe5000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001904300 Cid 0004.00c0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88001040bc0 NotificationEvent fffff88001040c00 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740203 Ticks: 925 (0:00:00:14.430) Context Switch Count 2107 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ACPI!ACPIWorkerThread (0xfffff88001006874) Stack Init fffff88002ff1dd0 Current fffff88002ff1a00 Base fffff88002ff2000 Limit fffff88002fec000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02ff1a40 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`02ff1b80 fffff802`b3b293cd : fffffa80`01da2380 00000000`00000000 00000000`00000000 fffffa80`01da24f0 : nt!KiCommitThreadWait+0x23c fffff880`02ff1c40 fffff880`010068e8 : fffff880`00000002 fffff880`02ff1d30 00000000`00000000 00000000`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`02ff1cf0 fffff802`b3aab535 : fffffa80`01904300 00000000`00000080 fffffa80`01837b00 00000000`00000000 : ACPI!ACPIWorkerThread+0x74 fffff880`02ff1d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`01904300 fffffa80`01837b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02ff1da0 00000000`00000000 : fffff880`02ff2000 fffff880`02fec000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80019a8b00 Cid 0004.00c8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80019a84e0 SynchronizationEvent fffffa80019a84f8 SynchronizationEvent fffffa80019a8510 SynchronizationEvent fffffa80019a8528 SynchronizationEvent fffffa80019a8540 SynchronizationEvent fffffa80019a8558 SynchronizationEvent fffffa80019a8570 SynchronizationEvent fffffa80019a8588 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15678945 Ticks: 62183 (0:00:16:10.061) Context Switch Count 22 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pci!RootPmeEventDispatcher (0xfffff8800119ef34) Stack Init fffff88003019dd0 Current fffff88003019810 Base fffff8800301a000 Limit fffff88003014000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03019850 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff802`b3a45224 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03019990 fffff802`b3b293cd : fffff880`00000052 00000002`00000002 00000000`00000000 fffff880`011af5c8 : nt!KiCommitThreadWait+0x23c fffff880`03019a50 fffff880`0119efce : 00000000`00000008 fffff880`03019b50 00000000`00000000 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`03019b00 fffff802`b3aab535 : fffff880`009e6180 fffffa80`019a8b00 00000000`00000080 fffffa80`019a8010 : pci!RootPmeEventDispatcher+0x9a fffff880`03019d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`019a8b00 fffffa80`019a7040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`03019da0 00000000`00000000 : fffff880`0301a000 fffff880`03014000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80019a7040 Cid 0004.00cc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001857698 SynchronizationEvent fffffa8001857680 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15678905 Ticks: 62223 (0:00:16:10.685) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ACPI!PciRootBusBiosMethodDispatcherOnResume (0xfffff8800100d654) Stack Init fffff88003020dd0 Current fffff88003020a00 Base fffff88003021000 Limit fffff8800301b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03020a40 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`00000001 00000000`00000040 : nt!KiSwapContext+0x76 fffff880`03020b80 fffff802`b3b293cd : fffffa80`0211aca0 fffffa80`52706341 00000000`00000000 fffff880`0100d654 : nt!KiCommitThreadWait+0x23c fffff880`03020c40 fffff880`0100d6a5 : 00000000`00000002 fffff880`03020d30 fffffa80`01857590 00000000`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`03020cf0 fffff802`b3aab535 : fffffa80`019a7040 fffff802`b3b2a825 00000000`00000000 00000000`0022048f : ACPI!PciRootBusBiosMethodDispatcherOnResume+0x51 fffff880`03020d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`019a7040 fffffa80`01801b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`03020da0 00000000`00000000 : fffff880`03021000 fffff880`0301b000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80024f7b00 Cid 0004.00d0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001a01770 NotificationEvent fffffa8001a01788 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 8583 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.109 Win32 Start Address WdFilter!MpAsyncpWorkerThread (0xfffff8800158e360) Stack Init fffff880030a8dd0 Current fffff880030a89d0 Base fffff880030a9000 Limit fffff880030a3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`030a8a10 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`030a8b50 fffff802`b3b293cd : fffffa80`0397a300 00000000`00000000 00000000`00000000 00000000`00000050 : nt!KiCommitThreadWait+0x23c fffff880`030a8c10 fffff880`0158e5db : fffff8a0`00000002 fffff880`030a8d00 fffff8a0`02c88a70 fffff802`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`030a8cc0 fffff802`b3aab535 : fffffa80`024f7b00 fffff802`00000000 00000000`00000000 ffffffff`fd050f80 : WdFilter!MpAsyncpWorkerThread+0x27b fffff880`030a8d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`024f7b00 fffffa80`01801b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`030a8da0 00000000`00000000 : fffff880`030a9000 fffff880`030a3000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80024fd040 Cid 0004.00d4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88001ce4ba0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15734738 Ticks: 6390 (0:00:01:39.684) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ndis!ndisThreadPoolTimerHandler (0xfffff88001c843e8) Stack Init fffff880030d9dd0 Current fffff880030d9a40 Base fffff880030da000 Limit fffff880030d4000 Call 0 Priority 15 BasePriority 7 UnusualBoost 8 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`030d9a80 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 d4001715`00000001 00000008`001fffff : nt!KiSwapContext+0x76 fffff880`030d9bc0 fffff802`b3b29c1f : 00000000`00000000 ffff7cad`5393e5aa 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`030d9c80 fffff880`01c84407 : fffff880`01ce4ba0 00000000`00000000 fffffa80`024fdb00 fffff802`b3a89000 : nt!KeWaitForSingleObject+0x1cf fffff880`030d9d10 fffff802`b3aab535 : fffff802`b3d7f180 fffffa80`02e2b300 00000000`00000000 00000000`002d13ed : ndis!ndisThreadPoolTimerHandler+0x1f fffff880`030d9d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`024fd040 fffffa80`024fdb00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`030d9da0 00000000`00000000 : fffff880`030da000 fffff880`030d4000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80024fdb00 Cid 0004.00d8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff88001ce4b40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 96856 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.187 Win32 Start Address ndis!ndisWorkerThread (0xfffff88001c74b00) Stack Init fffff880030e0dd0 Current fffff880030e09f0 Base fffff880030e1000 Limit fffff880030db000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`030e0a30 fffff802`b3b2d99c : 00000002`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`030e0b70 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`030e0c30 fffff802`b3ab8209 : fffff880`01ce4b40 fffffa80`01f07700 0000020d`226ccc00 00000000`00000000 : nt!KeRemoveQueueEx+0x26b fffff880`030e0ce0 fffff880`01c74b3b : fffffa80`00000000 ffffffff`00000000 fffff880`01ce4b88 fffffa80`01f075c0 : nt!KeRemoveQueue+0x21 fffff880`030e0d20 fffff802`b3aab535 : fffffa80`024fdb00 00000000`00000000 00000000`00000000 00000000`002d13e4 : ndis!ndisWorkerThread+0x3b fffff880`030e0d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`024fdb00 fffffa80`01835b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`030e0da0 00000000`00000000 : fffff880`030e1000 fffff880`030db000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8002651b00 Cid 0004.00ec Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea1c0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736316 Ticks: 4812 (0:00:01:15.067) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff88002f4edd0 Current fffff88002f4ea40 Base fffff88002f4f000 Limit fffff88002f49000 Call 0 Priority 20 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 3 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f4ea80 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffffa80`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`02f4ebc0 fffff802`b3b29c1f : fffffa80`026a7810 00000000`0129570b 00000000`00000000 00000200`00000008 : nt!KiCommitThreadWait+0x23c fffff880`02f4ec80 fffff880`02192115 : fffffa80`025ea1c0 fffffa80`00000000 fffff802`b3a89000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`02f4ed10 fffff802`b3aab535 : 00000000`00000080 fffffa80`01806400 fffff880`02192090 fffffa80`02651b00 : volsnap!VspWorkerThread+0x86 fffff880`02f4ed50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`02651b00 fffffa80`01806400 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f4eda0 00000000`00000000 : fffff880`02f4f000 fffff880`02f49000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8002650040 Cid 0004.00f0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea1e0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739296 Ticks: 1832 (0:00:00:28.579) Context Switch Count 1317 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031a9dd0 Current fffff880031a9a40 Base fffff880031aa000 Limit fffff880031a4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`031a9a80 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 000000f9`00000001 fffffa80`00000003 : nt!KiSwapContext+0x76 fffff880`031a9bc0 fffff802`b3b29c1f : fffffa80`03b49bf0 fffffa80`026a7810 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`031a9c80 fffff880`02192115 : fffffa80`025ea1e0 fffffa80`00000000 fffffa80`03b49c00 fffffa80`025ea200 : nt!KeWaitForSingleObject+0x1cf fffff880`031a9d10 fffff802`b3aab535 : 00000000`00000080 fffffa80`02651b00 fffff880`02192090 fffffa80`02650040 : volsnap!VspWorkerThread+0x86 fffff880`031a9d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`02650040 fffffa80`02651b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`031a9da0 00000000`00000000 : fffff880`031aa000 fffff880`031a4000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8002650b00 Cid 0004.00f4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea200 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739296 Ticks: 1832 (0:00:00:28.579) Context Switch Count 2841 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.234 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031b0dd0 Current fffff880031b0a40 Base fffff880031b1000 Limit fffff880031ab000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`031b0a80 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 fffffa80`02cf12b0 : nt!KiSwapContext+0x76 fffff880`031b0bc0 fffff802`b3b29c1f : fffffa80`026448c0 fffff880`01e01979 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`031b0c80 fffff880`02192115 : fffffa80`025ea200 00000000`00000000 fffffa80`04066d00 fffffa80`036a6d00 : nt!KeWaitForSingleObject+0x1cf fffff880`031b0d10 fffff802`b3aab535 : 00000000`00000080 fffffa80`01806400 fffff880`02192090 fffffa80`02650b00 : volsnap!VspWorkerThread+0x86 fffff880`031b0d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`02650b00 fffffa80`01806400 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`031b0da0 00000000`00000000 : fffff880`031b1000 fffff880`031ab000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80026505c0 Cid 0004.00f8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea220 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 704 Ticks: 15740424 (2:20:12:32.188) Context Switch Count 276 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031b7dd0 Current fffff880031b7a40 Base fffff880031b8000 Limit fffff880031b2000 Call 0 Priority 20 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 3 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`031b7a80 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000001 00000000`00098000 : nt!KiSwapContext+0x76 fffff880`031b7bc0 fffff802`b3b29c1f : 00000000`00000002 00000000`00000000 00000000`00000000 fffff802`b3d0d000 : nt!KiCommitThreadWait+0x23c fffff880`031b7c80 fffff880`02192115 : fffffa80`025ea220 fffffa80`00000000 fffffa80`025ea200 fffffa80`025ea200 : nt!KeWaitForSingleObject+0x1cf fffff880`031b7d10 fffff802`b3aab535 : 00000000`00000080 fffffa80`0264e040 fffff880`02192090 fffffa80`026505c0 : volsnap!VspWorkerThread+0x86 fffff880`031b7d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`026505c0 fffffa80`0264e040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`031b7da0 00000000`00000000 : fffff880`031b8000 fffff880`031b2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800264f040 Cid 0004.00fc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea240 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031bedd0 Current fffff880031bea40 Base fffff880031bf000 Limit fffff880031b9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`031bea80 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`031bebc0 fffff802`b3b29c1f : 00000000`00000000 ffff7cad`538595aa 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`031bec80 fffff880`02192115 : fffffa80`025ea240 fffffa80`00000000 00000000`00000000 fffff802`b3a89000 : nt!KeWaitForSingleObject+0x1cf fffff880`031bed10 fffff802`b3aab535 : 00000000`00000080 fffffa80`02650b00 fffff880`02192090 fffffa80`0264f040 : volsnap!VspWorkerThread+0x86 fffff880`031bed50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`0264f040 fffffa80`02650b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`031beda0 00000000`00000000 : fffff880`031bf000 fffff880`031b9000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800264fb00 Cid 0004.0100 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea260 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031c5dd0 Current fffff880031c5a40 Base fffff880031c6000 Limit fffff880031c0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`031c5a80 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`031c5bc0 fffff802`b3b29c1f : 00000000`00000000 ffff7cad`538225aa 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`031c5c80 fffff880`02192115 : fffffa80`025ea260 fffffa80`00000000 00000001`6734b900 fffff802`b3a89000 : nt!KeWaitForSingleObject+0x1cf fffff880`031c5d10 fffff802`b3aab535 : 00000000`00000080 fffffa80`01829b00 fffff880`02192090 fffffa80`0264fb00 : volsnap!VspWorkerThread+0x86 fffff880`031c5d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`0264fb00 fffffa80`01829b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`031c5da0 00000000`00000000 : fffff880`031c6000 fffff880`031c0000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800264e040 Cid 0004.0104 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea280 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031ccdd0 Current fffff880031cca40 Base fffff880031cd000 Limit fffff880031c7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`031cca80 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`031ccbc0 fffff802`b3b29c1f : 00000000`00000000 ffff7cad`5382b5aa 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`031ccc80 fffff880`02192115 : fffffa80`025ea280 fffffa80`00000000 00000000`00000000 fffff802`b3a89000 : nt!KeWaitForSingleObject+0x1cf fffff880`031ccd10 fffff802`b3aab535 : 00000000`00000080 fffffa80`0264f040 fffff880`02192090 fffffa80`0264e040 : volsnap!VspWorkerThread+0x86 fffff880`031ccd50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`0264e040 fffffa80`0264f040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`031ccda0 00000000`00000000 : fffff880`031cd000 fffff880`031c7000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800264eb00 Cid 0004.0108 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea2a0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031d3dd0 Current fffff880031d3a40 Base fffff880031d4000 Limit fffff880031ce000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`031d3a80 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`031d3bc0 fffff802`b3b29c1f : 00000000`00000000 ffff7cad`538345aa 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`031d3c80 fffff880`02192115 : fffffa80`025ea2a0 fffffa80`00000000 00000000`00000000 fffff802`b3a89000 : nt!KeWaitForSingleObject+0x1cf fffff880`031d3d10 fffff802`b3aab535 : 00000000`00000080 fffffa80`0264fb00 fffff880`02192090 fffffa80`0264eb00 : volsnap!VspWorkerThread+0x86 fffff880`031d3d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`0264eb00 fffffa80`0264fb00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`031d3da0 00000000`00000000 : fffff880`031d4000 fffff880`031ce000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800264e5c0 Cid 0004.010c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80025ea2c0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090) Stack Init fffff880031dadd0 Current fffff880031daa40 Base fffff880031db000 Limit fffff880031d5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`031daa80 fffff802`b3b2d99c : cb8b48d5`00000001 00000000`00000000 bf000047`00000001 8bcb8b48`00007c14 : nt!KiSwapContext+0x76 fffff880`031dabc0 fffff802`b3b29c1f : d78b0000`47f6e8d7 ffff7cad`5383d5aa 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`031dac80 fffff880`02192115 : fffffa80`025ea2c0 fffffa80`00000000 00000000`00000000 fffff802`b3a89000 : nt!KeWaitForSingleObject+0x1cf fffff880`031dad10 fffff802`b3aab535 : 00000000`00000080 fffffa80`026505c0 fffff880`02192090 fffffa80`0264e5c0 : volsnap!VspWorkerThread+0x86 fffff880`031dad50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`0264e5c0 fffffa80`026505c0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`031dada0 00000000`00000000 : fffff880`031db000 fffff880`031d5000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8002c6cb00 Cid 0004.0114 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88003574520 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 14317 Ticks: 15726811 (2:20:08:59.823) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address watchdog!SMgrGdiCalloutThread (0xfffff8800356eddc) Stack Init fffff880031f7dd0 Current fffff880031f7a40 Base fffff880031f8000 Limit fffff880031f2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`031f7a80 fffff802`b3b2d99c : 00000066`00000000 00000000`00000000 00000000`00000000 fffff880`0340ada0 : nt!KiSwapContext+0x76 fffff880`031f7bc0 fffff802`b3b29c1f : 00000000`00000000 ffff7cad`538105aa 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`031f7c80 fffff880`0356ee1f : fffff880`03574520 fffff8a0`00000000 fffff8a0`02693500 fffff802`b3a89000 : nt!KeWaitForSingleObject+0x1cf fffff880`031f7d10 fffff802`b3aab535 : fffffa80`02c6cb00 00000000`00000080 fffffa80`00000000 00000000`014e8bb1 : watchdog!SMgrGdiCalloutThread+0x43 fffff880`031f7d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`02c6cb00 fffff880`009f1dc0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`031f7da0 00000000`00000000 : fffff880`031f8000 fffff880`031f2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8002daab00 Cid 0004.0118 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002daaea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15733059 Ticks: 8069 (0:00:02:05.877) Context Switch Count 118 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!SepRmCommandServerThread (0xfffff802b3e4fd10) Stack Init fffff88002f6fdd0 Current fffff88002f6f270 Base fffff88002f70000 Limit fffff88002f6a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`02f6f2b0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 fffff8a0`00000008 : nt!KiSwapContext+0x76 fffff880`02f6f3f0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`02f6f4b0 fffff802`b3ee4c70 : fffffa80`02daaea8 fffffa80`00000010 fffffa80`01cc6101 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`02f6f540 fffff802`b3ef350d : fffff880`02f6f930 fffffa80`00000001 fffff880`02f6f700 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`02f6f5b0 fffff802`b3ef334b : fffffa80`02c53a40 fffff880`02f6f930 00000000`00000000 fffff8a0`0166ecf0 : nt!AlpcpReceiveLegacyMessage+0x11c fffff880`02f6f640 fffff802`b3ef31f3 : fffffa80`02daab00 00000000`00000000 00000000`00000000 fffff802`b3a89000 : nt!NtReplyWaitReceivePortEx+0xca fffff880`02f6f6d0 fffff802`b3b02d53 : fffff880`02f6f848 fffff880`02f6f800 00000000`00000480 fffff880`02f6f7d9 : nt!NtReplyWaitReceivePort+0xf fffff880`02f6f710 fffff802`b3b07f30 : fffff802`b3e4fd93 00000000`000cf188 fffff880`02f6fb30 fffff880`02f6f9b0 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`02f6f710) fffff880`02f6f8a8 fffff802`b3e4fd93 : 00000000`000cf188 fffff880`02f6fb30 fffff880`02f6f9b0 00000000`00000000 : nt!KiServiceLinkage fffff880`02f6f8b0 fffff802`b3aab535 : fffffa80`02daab00 00000000`00000000 fffff880`009f1dc0 fffff802`b3e4fd10 : nt!SepRmCommandServerThread+0x83 fffff880`02f6fd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`02daab00 fffff880`009f1dc0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`02f6fda0 00000000`00000000 : fffff880`02f70000 fffff880`02f6a000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8002dec080 Cid 0004.0150 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) UserMode Non-Alertable fffff802b3d6e560 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740122 Ticks: 1006 (0:00:00:15.693) Context Switch Count 2339 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.390 Win32 Start Address nt!CmpLazyFlushWorker (0xfffff802b3e46354) Stack Init fffff88003165dd0 Current fffff88003165a40 Base fffff88003166000 Limit fffff88003160000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03165a80 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 fffff802`b3e470d1 : nt!KiSwapContext+0x76 fffff880`03165bc0 fffff802`b3b29c1f : fffff880`03165d58 00000000`23c34600 00000000`00000000 ffffffff`ffffffff : nt!KiCommitThreadWait+0x23c fffff880`03165c80 fffff802`b3e46382 : fffff802`b3d6e560 fffff880`00000000 fffffa80`02dec001 fffff802`b3a89000 : nt!KeWaitForSingleObject+0x1cf fffff880`03165d10 fffff802`b3aab535 : fffffa80`02dec080 fffff802`b3b2a800 ffffffff`ffffffff 00000000`03b488da : nt!CmpLazyFlushWorker+0x2e fffff880`03165d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`02dec080 fffffa80`025f5700 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`03165da0 00000000`00000000 : fffff880`03166000 fffff880`03160000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8002e2b300 Cid 0004.015c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff88001ce4b40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 100462 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.218 Win32 Start Address ndis!ndisWorkerThread (0xfffff88001c74b00) Stack Init fffff8800305cdd0 Current fffff8800305c9f0 Base fffff8800305d000 Limit fffff88003057000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`0305ca30 fffff802`b3b2d99c : 00000002`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`0305cb70 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`0305cc30 fffff802`b3ab8209 : fffff880`01ce4b40 fffffa80`01f07700 fffffa80`02ebd100 00000000`00000000 : nt!KeRemoveQueueEx+0x26b fffff880`0305cce0 fffff880`01c74b3b : fffffa80`00000000 ffffffff`00000000 fffff880`01ce4b88 fffffa80`01f07700 : nt!KeRemoveQueue+0x21 fffff880`0305cd20 fffff802`b3aab535 : fffffa80`02e2b300 00000000`00000000 fffff880`00000000 00000000`04424828 : ndis!ndisWorkerThread+0x3b fffff880`0305cd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`02e2b300 fffffa80`024fd040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`0305cda0 00000000`00000000 : fffff880`0305d000 fffff880`03057000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8002e59b00 Cid 0004.0160 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88004d58460 SynchronizationEvent fffff88004d584a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 2986 Ticks: 15738142 (2:20:11:56.588) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address raspptp!MainPassiveLevelThread (0xfffff88004d4db60) Stack Init fffff88003c06dd0 Current fffff88003c06a00 Base fffff88003c07000 Limit fffff88003c01000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03c06a40 fffff802`b3b2d99c : 00000001`00000000 00000000`00000000 00000000`00000001 ffffdfec`6bde2ca8 : nt!KiSwapContext+0x76 fffff880`03c06b80 fffff802`b3b293cd : 00000001`026471b0 fffffa80`017f5340 00000000`00000000 fffff880`03c06d68 : nt!KiCommitThreadWait+0x23c fffff880`03c06c40 fffff880`04d4dba9 : 00000000`00000002 fffff880`03c06d30 fffffa80`02e59b00 00000000`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`03c06cf0 fffff802`b3aab535 : fffff880`009e6180 fffff802`b3b2a825 fffffa80`00000000 00000000`0459ebac : raspptp!MainPassiveLevelThread+0x49 fffff880`03c06d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`02e59b00 fffffa80`01904300 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`03c06da0 00000000`00000000 : fffff880`03c07000 fffff880`03c01000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80031a4b00 Cid 0004.0164 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d200 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15737833 Ticks: 3295 (0:00:00:51.402) Context Switch Count 353 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.390 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff8800307fdd0 Current fffff8800307f9d0 Base fffff88003080000 Limit fffff8800307a000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`0307fa10 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000000 00000000`0000009f : nt!KiSwapContext+0x76 fffff880`0307fb50 fffff802`b3b38ddb : fffffa80`0011a000 fffffa80`031a4b00 00000000`00000000 00000000`00000030 : nt!KiCommitThreadWait+0x23c fffff880`0307fc10 fffff802`b3b3c543 : fffff802`b3d0d200 fffff802`b3e67c00 fffff802`b3d26a00 fffff802`b3d0d200 : nt!KeRemoveQueueEx+0x26b fffff880`0307fcc0 fffff802`b3aab535 : fffff880`009e6180 00000000`00000080 fffff802`b3b3c450 fffffa80`031a4b00 : nt!ExpWorkerThread+0xf4 fffff880`0307fd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`031a4b00 fffffa80`01823980 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`0307fda0 00000000`00000000 : fffff880`03080000 fffff880`0307a000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80031c7040 Cid 0004.0170 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15707887 Ticks: 33241 (0:00:08:38.562) Context Switch Count 5887 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:05.600 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88003c2fdd0 Current fffff88003c2f9d0 Base fffff88003c30000 Limit fffff88003c2a000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03c2fa10 fffff802`b3b2d99c : fffff802`00000001 00000000`00000000 fffffa80`00000001 fffffa80`032061a0 : nt!KiSwapContext+0x76 fffff880`03c2fb50 fffff802`b3b38ddb : fffff802`b3d0d000 fffffa80`02dbb1b0 00000000`00000000 fffff802`b3b0d4c4 : nt!KiCommitThreadWait+0x23c fffff880`03c2fc10 fffff802`b3b3c543 : fffff802`b3d0d110 fffffa80`031c7000 fffff802`b3aef300 fffff802`b3b0d400 : nt!KeRemoveQueueEx+0x26b fffff880`03c2fcc0 fffff802`b3aab535 : fffff880`009e6180 00000000`00000080 fffff802`b3b3c450 fffffa80`031c7040 : nt!ExpWorkerThread+0xf4 fffff880`03c2fd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`031c7040 fffffa80`01823980 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`03c2fda0 00000000`00000000 : fffff880`03c30000 fffff880`03c2a000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80031c7b00 Cid 0004.0174 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740197 Ticks: 931 (0:00:00:14.523) Context Switch Count 4243 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:05.319 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88003c36dd0 Current fffff88003c369d0 Base fffff88003c37000 Limit fffff88003c31000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03c36a10 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff802`b3d0d000 fffffa80`02cd4770 : nt!KiSwapContext+0x76 fffff880`03c36b50 fffff802`b3b38ddb : 00000000`00000000 fffff802`b3b0d4c4 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`03c36c10 fffff802`b3b3c543 : fffff802`b3d0d110 fffff802`b3d1be00 fffff802`b3aef300 fffff802`b3b0d400 : nt!KeRemoveQueueEx+0x26b fffff880`03c36cc0 fffff802`b3aab535 : fffff880`009e6180 00000000`00000080 fffff802`b3b3c450 fffffa80`031c7b00 : nt!ExpWorkerThread+0xf4 fffff880`03c36d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`031c7b00 fffffa80`01823980 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`03c36da0 00000000`00000000 : fffff880`03c37000 fffff880`03c31000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003260040 Cid 0004.017c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800325d948 NotificationEvent fffffa800325d960 NotificationEvent fffffa800325d978 NotificationEvent fffffa800325d990 NotificationEvent fffffa800325d9a8 NotificationEvent fffffa800325d9c0 NotificationEvent fffffa800325d9d8 NotificationEvent fffffa800325d9f0 NotificationEvent fffffa800325da08 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740171 Ticks: 957 (0:00:00:14.929) Context Switch Count 243 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address bthport!HCI_ThreadFunction (0xfffff880044df418) Stack Init fffff88003071dd0 Current fffff88003071770 Base fffff88003072000 Limit fffff8800306c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`030717b0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`030718f0 fffff802`b3b293cd : ff00fa01`0000ae00 00000000`00000000 00000000`00000000 fffff880`03071a30 : nt!KiCommitThreadWait+0x23c fffff880`030719b0 fffff880`044df549 : fffffa80`00000009 fffff880`03071ad0 fffffa80`01a21670 fffff880`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`03071a60 fffff802`b3aab535 : fffff880`009e6180 fffffa80`03260040 fffffa80`02eaaec0 fffff880`009f1dc0 : bthport!HCI_ThreadFunction+0x131 fffff880`03071d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`03260040 fffff880`009f1dc0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`03071da0 00000000`00000000 : fffff880`03072000 fffff880`0306c000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800183f080 Cid 0004.01a0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8002e421e8 SynchronizationEvent fffffa8002e42240 SynchronizationEvent fffffa8002e42298 SynchronizationEvent fffffa8002e42178 SynchronizationEvent fffffa8002e42148 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15733181 Ticks: 7947 (0:00:02:03.973) Context Switch Count 25299 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address BasicRender!WARPKMADAPTER::WarpGPUWorkerThread (0xfffff880019f2860) Stack Init fffff88003c4bdd0 Current fffff88003c4abd0 Base fffff88003c4c000 Limit fffff88003c46000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03c4ac10 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03c4ad50 fffff802`b3b293cd : fffffa80`038492c0 fffff880`03c4ae50 00000000`00000000 fffffa80`02e42000 : nt!KiCommitThreadWait+0x23c fffff880`03c4ae10 fffff880`019f1384 : 00000000`00000005 fffff880`03c4af10 01cdb6db`fbefb9a6 00000000`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`03c4aec0 fffff802`b3aab535 : fffffa80`0183f080 fffffa80`0183f080 fffffa80`02e42000 fffffa80`02e577c0 : BasicRender!WARPKMADAPTER::RunGPU+0x1e7 fffff880`03c4bd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`0183f080 fffffa80`02e577c0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`03c4bda0 00000000`00000000 : fffff880`03c4c000 fffff880`03c46000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800188f080 Cid 0004.01a4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80018d8948 SynchronizationEvent fffffa80018d8910 SynchronizationEvent fffffa80018d89b8 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15734591 Ticks: 6537 (0:00:01:41.977) Context Switch Count 68404 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dxgmms1!VidSchiWorkerThread (0xfffff880035bc57c) Stack Init fffff88003c5add0 Current fffff88003c5a850 Base fffff88003c5b000 Limit fffff88003c55000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03c5a890 fffff802`b3b2d99c : fffff8a0`06ac3620 00000000`00000000 fffffa80`00000006 fffffa80`00000001 : nt!KiSwapContext+0x76 fffff880`03c5a9d0 fffff802`b3b293cd : 00000000`00000002 fffffa80`018da000 00000000`00000000 fffffa80`018d88a0 : nt!KiCommitThreadWait+0x23c fffff880`03c5aa90 fffff880`035bca0f : fffffa80`00000003 fffff880`03c5ab98 fffffa80`018d8400 00000000`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`03c5ab40 fffff880`03587fe5 : ffffffff`ff676980 00000000`00000001 fffff880`03c5aca9 fffffa80`018d8400 : dxgmms1!VidSchiWaitForSchedulerEvents+0x1d3 fffff880`03c5abe0 fffff880`035bc646 : 00000000`00000000 fffffa80`026004c0 fffffa80`03dba7a0 fffffa80`018d8400 : dxgmms1!VidSchiScheduleCommandToRun+0x289 fffff880`03c5ad10 fffff802`b3aab535 : fffffa80`0188f080 fffffa80`018d8400 fffffa80`017ff040 00000000`060087e4 : dxgmms1!VidSchiWorkerThread+0xca fffff880`03c5ad50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`0188f080 fffffa80`017ff040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`03c5ada0 00000000`00000000 : fffff880`03c5b000 fffff880`03c55000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800188db00 Cid 0004.01a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Alertable fffff88003c3db28 SynchronizationEvent fffff88003c3db10 SynchronizationEvent fffff88003c3dae0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 65555 Ticks: 15675573 (2:19:55:40.506) Context Switch Count 45 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dxgkrnl!BLTQUEUE::BltQueueWorkerThread (0xfffff880034a21e8) Stack Init fffff88003c3ddd0 Current fffff88003c3d780 Base fffff88003c3e000 Limit fffff88003c38000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03c3d7c0 fffff802`b3b2d99c : fffff802`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03c3d900 fffff802`b3b293cd : fffffa80`01c22080 00000000`00000000 00000000`00000000 fffffa80`01c221f0 : nt!KiCommitThreadWait+0x23c fffff880`03c3d9c0 fffff880`034a23bc : fffffa80`00000003 fffff880`03c3dac0 fffffa80`0188d098 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`03c3da70 fffff880`034a220d : 00000000`00000000 fffffa80`0188d098 fffffa80`0188d098 fffff880`009ebd40 : dxgkrnl!BLTQUEUE::BltQueueWorker+0x1a8 fffff880`03c3dd20 fffff802`b3aab535 : fffff880`009e6180 fffff802`b3b2a825 00000000`00000000 00000000`06008dbd : dxgkrnl!BLTQUEUE::BltQueueWorkerThread+0x25 fffff880`03c3dd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`0188db00 fffffa80`017ff040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`03c3dda0 00000000`00000000 : fffff880`03c3e000 fffff880`03c38000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80033af900 Cid 0004.01e0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Alertable fffffa8002e8a880 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740914 Ticks: 214 (0:00:00:03.338) Context Switch Count 481 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address msrpc (0xfffff88000c9cb70) Stack Init fffff88003de6dd0 Current fffff88003de6650 Base fffff88003de7000 Limit fffff88003de1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03de6690 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 fffff880`03de6820 : nt!KiSwapContext+0x76 fffff880`03de67d0 fffff802`b3b38ddb : fffff880`03de6800 fffffa80`0182e480 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`03de6890 fffff802`b3ed0b6c : fffffa80`02e8a880 fffff880`03de6d00 fffff880`03de6d01 00000000`00000000 : nt!KeRemoveQueueEx+0x26b fffff880`03de6940 fffff802`b3e50a73 : fffffa80`02e8a880 fffff880`03de6d20 fffff880`03de6a30 fffff880`4d637052 : nt!IoRemoveIoCompletion+0x4c fffff880`03de69d0 fffff802`b3b02d53 : fffffa80`033af900 fffff880`03de6d08 fffff8a0`00000000 fffff8a0`02912638 : nt!NtRemoveIoCompletionEx+0xe3 fffff880`03de6ae0 fffff802`b3b07f30 : fffff880`00c9cba3 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03de6b50) fffff880`03de6ce8 fffff880`00c9cba3 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`02e7b400 : nt!KiServiceLinkage fffff880`03de6cf0 00000000`00000000 : 00000000`00000000 00000000`00000000 fffffa80`02e7b400 00000000`00000000 : msrpc+0x1dba3 THREAD fffffa80036fb740 Cid 0004.02a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800373f0e0 NotificationEvent fffffa800373f0f8 SynchronizationEvent fffffa800373f140 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740132 Ticks: 996 (0:00:00:15.537) Context Switch Count 11275 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.187 Win32 Start Address luafv!UsnThread (0xfffff88015276f50) Stack Init fffff880150bcdd0 Current fffff880150bc8f0 Base fffff880150bd000 Limit fffff880150b7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`150bc930 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000000 fffff802`00000001 : nt!KiSwapContext+0x76 fffff880`150bca70 fffff802`b3b293cd : fffffa80`02677de0 fffff880`150bcba0 00000000`00000000 fffff880`01518a6c : nt!KiCommitThreadWait+0x23c fffff880`150bcb30 fffff880`15277227 : 00000000`00000003 fffff880`150bcc20 00000000`00000103 fffff880`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`150bcbe0 fffff880`1527709e : fffffa80`03bd15c8 fffff8a0`023c0008 00000000`00001008 fffff880`150bcce8 : luafv!SynchronousFsControl+0x167 fffff880`150bcc80 fffff802`b3aab535 : fffff880`009e6180 fffffa80`036fb740 fffffa80`0373f070 00000000`0ae46c9b : luafv!UsnThread+0x14e fffff880`150bcd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`036fb740 fffff880`009f1dc0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`150bcda0 00000000`00000000 : fffff880`150bd000 fffff880`150b7000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003048980 Cid 0004.04bc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8003048050 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 28512 Ticks: 15712616 (2:20:05:18.380) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address HTTP!UlpThreadPoolWorker (0xfffff88015b04010) Stack Init fffff88014e92dd0 Current fffff88014e929f0 Base fffff88014e93000 Limit fffff88014e8d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14e92a30 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14e92b70 fffff802`b3b29c1f : fffffa80`03048040 00000000`00000003 00000000`00000000 fffff802`b3afa4d4 : nt!KiCommitThreadWait+0x23c fffff880`14e92c30 fffff880`15b042d4 : fffffa80`03048050 fffffa80`00000000 fffff880`15b2a500 fffffa80`03dfa700 : nt!KeWaitForSingleObject+0x1cf fffff880`14e92cc0 fffff802`b3aab535 : fffffa80`033a9150 fffff802`b3b2a825 fffff880`00000000 fffffa80`03048040 : HTTP!UlpThreadPoolWorker+0x2c8 fffff880`14e92d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`03048980 fffff802`b3dd9880 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`14e92da0 00000000`00000000 : fffff880`14e93000 fffff880`14e8d000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003048440 Cid 0004.04c0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8003048ed0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 28702 Ticks: 15712426 (2:20:05:15.416) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address HTTP!UlpThreadPoolWorker (0xfffff88015b04010) Stack Init fffff88014e99dd0 Current fffff88014e999f0 Base fffff88014e9a000 Limit fffff88014e94000 Call 0 Priority 11 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14e99a30 fffff802`b3b2d99c : fffffa80`03f40790 00000000`00000000 fffff802`b3a89000 fffffa80`0304cc40 : nt!KiSwapContext+0x76 fffff880`14e99b70 fffff802`b3b29c1f : fffffa80`03f40770 fffffa80`03e2cc70 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`14e99c30 fffff880`15b042d4 : fffffa80`03048ed0 fffff880`00000000 fffff880`15b2a500 fffffa80`03e2cc00 : nt!KeWaitForSingleObject+0x1cf fffff880`14e99cc0 fffff802`b3aab535 : fffffa80`0303c240 fffff802`b3b2a825 00000000`00000000 fffffa80`03048ec0 : HTTP!UlpThreadPoolWorker+0x2c8 fffff880`14e99d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`03048440 fffff802`b3dd9880 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`14e99da0 00000000`00000000 : fffff880`14e9a000 fffff880`14e94000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003050b00 Cid 0004.04c4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80017f3ee0 NotificationEvent fffffa8001845760 NotificationEvent fffff88015afb780 NotificationEvent fffff88015afb7a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15730694 Ticks: 10434 (0:00:02:42.771) Context Switch Count 75 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address HTTP!UlpScavengerThread (0xfffff88015ab8c90) Stack Init fffff88014ea0dd0 Current fffff88014ea08c0 Base fffff88014ea1000 Limit fffff88014e9b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14ea0900 fffff802`b3b2d99c : fffaa700`00000001 00000000`00000000 05c600ff`00000001 fffff802`b3d0d000 : nt!KiSwapContext+0x76 fffff880`14ea0a40 fffff802`b3b293cd : 00000000`00000098 fffff802`b3b2ef3b 00000000`00000000 ffffffff`4d6e2dd3 : nt!KiCommitThreadWait+0x23c fffff880`14ea0b00 fffff880`15ab8d8e : fffff880`00000004 fffff880`14ea0c10 fffff880`14ea0b00 90909090`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`14ea0bb0 fffff802`b3aab535 : fffffa80`03050b00 fffff802`b3dd9880 fffff802`b3a89000 00000000`0ef4bae3 : HTTP!UlpScavengerThread+0xfe fffff880`14ea0d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`03050b00 fffff802`b3dd9880 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`14ea0da0 00000000`00000000 : fffff880`14ea1000 fffff880`14e9b000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003093b00 Cid 0004.0504 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015bc09c0 SynchronizationEvent fffff88015bc09a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15727956 Ticks: 13172 (0:00:03:25.484) Context Switch Count 65 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mpsdrv!IP6StringToAddress (0xfffff88015bb2600) Stack Init fffff88014efbdd0 Current fffff88014efb9e0 Base fffff88014efc000 Limit fffff88014ef6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14efba20 fffff802`b3b2d99c : fffff880`14efbb78 00000000`00000000 fffffa80`0266bdf0 fffff880`15bb1ef9 : nt!KiSwapContext+0x76 fffff880`14efbb60 fffff802`b3b293cd : 00000001`c78b5da1 fffffa80`0309c9d0 00000000`00000000 fffffa80`01980ff0 : nt!KiCommitThreadWait+0x23c fffff880`14efbc20 fffff880`15bb275a : fffffa80`00000002 fffff880`14efbd10 fffff880`15bc09e0 00000000`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`14efbcd0 fffff802`b3aab535 : 00000000`00000080 fffffa80`03093b00 00000000`00000000 00000000`0f48afa3 : mpsdrv!IP6StringToAddress+0x636 fffff880`14efbd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`03093b00 fffffa80`031b5580 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`14efbda0 00000000`00000000 : fffff880`14efc000 fffff880`14ef6000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80030ad080 Cid 0004.051c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80030a1230 SynchronizationEvent fffffa80030a1248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736873 Ticks: 4255 (0:00:01:06.378) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88014f1edd0 Current fffff88014f1e9e0 Base fffff88014f1f000 Limit fffff88014f19000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14f1ea20 fffff802`b3b2d99c : ffffffff`00000001 00000000`00000000 fffff8a0`00000000 fffff802`b3d0d000 : nt!KiSwapContext+0x76 fffff880`14f1eb60 fffff802`b3b293cd : 00000000`00000000 fffff802`b3afa19e 00000000`00000000 fffffa80`030a1200 : nt!KiCommitThreadWait+0x23c fffff880`14f1ec20 fffff802`b3e540f2 : fffffa80`00000002 fffff880`14f1ed10 fffffa80`030a1040 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`14f1ecd0 fffff802`b3aab535 : fffffa80`030ad080 00000000`00000080 fffffa80`030a1040 00000000`0f5b78a4 : nt!EtwpLogger+0xb2 fffff880`14f1ed50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`030ad080 fffff802`b3dd9880 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`14f1eda0 00000000`00000000 : fffff880`14f1f000 fffff880`14f19000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003b63040 Cid 0004.0560 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80019f29f8 SynchronizationEvent fffffa80019f2a10 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736919 Ticks: 4209 (0:00:01:05.660) Context Switch Count 169 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address Ndu!NduTokenComputeTokensWorkerRoutine (0xfffff8801534cd58) Stack Init fffff88014f87dd0 Current fffff88014f879e0 Base fffff88014f88000 Limit fffff88014f82000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14f87a20 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 fffffa80`00000001 00000000`10000001 : nt!KiSwapContext+0x76 fffff880`14f87b60 fffff802`b3b293cd : fffffa80`030a22e8 fffff880`1534a39d 00000000`00000000 fffffa80`03719c70 : nt!KiCommitThreadWait+0x23c fffff880`14f87c20 fffff880`1534cdeb : 00000000`00000002 fffff880`14f87d10 fffffa80`02ed22c0 00000000`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`14f87cd0 fffff802`b3aab535 : fffffa80`02db3c60 fffffa80`03b63040 00000000`00000080 fffffa80`019f29d0 : Ndu!NduTokenComputeTokensWorkerRoutine+0x93 fffff880`14f87d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`03b63040 fffff880`009f1dc0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`14f87da0 00000000`00000000 : fffff880`14f88000 fffff880`14f82000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003bc0700 Cid 0004.0624 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8003bf59f0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739618 Ticks: 1510 (0:00:00:23.556) Context Switch Count 199 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88015e1bdd0 Current fffff88015e1b950 Base fffff88015e1c000 Limit fffff88015e16000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15e1b990 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 fffffa80`01c00000 : nt!KiSwapContext+0x76 fffff880`15e1bad0 fffff802`b3b29c1f : 00000000`00000000 fffff8a0`00401000 00000000`00000000 fffffa80`03bf5b60 : nt!KiCommitThreadWait+0x23c fffff880`15e1bb90 fffff802`b3b2943e : fffffa80`03bf59f0 fffff880`00000000 00000000`00000000 00000000`00001000 : nt!KeWaitForSingleObject+0x1cf fffff880`15e1bc20 fffff802`b3e540f2 : fffffa80`00000001 fffff880`15e1bd10 fffff880`15e1bb90 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x2ce fffff880`15e1bcd0 fffff802`b3aab535 : fffffa80`03bc0700 00000000`00000080 fffffa80`03bf5800 00000000`103819fd : nt!EtwpLogger+0xb2 fffff880`15e1bd50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`03bc0700 fffff802`b3dd9880 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`15e1bda0 00000000`00000000 : fffff880`15e1c000 fffff880`15e16000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003df1b00 Cid 0004.06e8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015c3b5a8 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15682200 Ticks: 58928 (0:00:15:19.282) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcBackPocketThread (0xfffff88015c51630) Stack Init fffff88015ed1dd0 Current fffff88015ed1a10 Base fffff88015ed2000 Limit fffff88015ecc000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15ed1a50 fffff802`b3b2d99c : fffffa80`0414bc60 00000000`00000000 fffffa80`0414b950 fffff880`15c458b7 : nt!KiSwapContext+0x76 fffff880`15ed1b90 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 fffff880`15c01ad9 : nt!KiCommitThreadWait+0x23c fffff880`15ed1c50 fffff880`15c51681 : fffff880`15c3b5a8 fffffa80`00000000 fffffa80`03e08900 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`15ed1ce0 fffff802`b3aab535 : fffffa80`0414b960 00000000`00000000 00000000`00000000 00000000`1225b024 : srv2!SrvProcBackPocketThread+0x56 fffff880`15ed1d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`03df1b00 fffffa80`036f4080 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`15ed1da0 00000000`00000000 : fffff880`15ed2000 fffff880`15ecc000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003df15c0 Cid 0004.06ec Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015c3b580 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15681641 Ticks: 59487 (0:00:15:28.003) Context Switch Count 9 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcBackPocketThread (0xfffff88015c51630) Stack Init fffff88015eb5dd0 Current fffff88015eb5a10 Base fffff88015eb6000 Limit fffff88015eb0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15eb5a50 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000001 fffff880`01c48401 : nt!KiSwapContext+0x76 fffff880`15eb5b90 fffff802`b3b29c1f : 00000000`00000001 fffff880`15eb5d68 00000000`00000000 fffff880`15c01ad9 : nt!KiCommitThreadWait+0x23c fffff880`15eb5c50 fffff880`15c51681 : fffff880`15c3b580 fffffa80`00000000 fffffa80`03e08800 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`15eb5ce0 fffff802`b3aab535 : fffffa80`04179020 00000000`00000000 00000000`00000000 00000000`1225b505 : srv2!SrvProcBackPocketThread+0x56 fffff880`15eb5d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`03df15c0 fffffa80`039d5b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`15eb5da0 00000000`00000000 : fffff880`15eb6000 fffff880`15eb0000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003defb00 Cid 0004.06f0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015c3b5d0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcBackPocketThread (0xfffff88015c51630) Stack Init fffff88015ed8dd0 Current fffff88015ed8a10 Base fffff88015ed9000 Limit fffff88015ed3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15ed8a50 fffff802`b3b2d99c : 00000000`00000003 00000000`00000000 00000000`011410be 00000000`00001000 : nt!KiSwapContext+0x76 fffff880`15ed8b90 fffff802`b3b29c1f : 00000000`00000000 fffffa80`031c71b0 00000000`00000000 fffff802`b3afa19e : nt!KiCommitThreadWait+0x23c fffff880`15ed8c50 fffff880`15c51681 : fffff880`15c3b5d0 00000000`00000000 fffff880`15c3b500 fffff880`03c2f900 : nt!KeWaitForSingleObject+0x1cf fffff880`15ed8ce0 fffff802`b3aab535 : fffff880`009e6180 00000000`00000000 00000000`00000000 00000000`1225b557 : srv2!SrvProcBackPocketThread+0x56 fffff880`15ed8d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`03defb00 fffffa80`025eab00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`15ed8da0 00000000`00000000 : fffff880`15ed9000 fffff880`15ed3000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003def5c0 Cid 0004.06f4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffffa8003e38168 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcIRPThread (0xfffff88015c54a50) Stack Init fffff88015edfdd0 Current fffff88015edf9c0 Base fffff88015ee0000 Limit fffff88015eda000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15edfa00 fffff802`b3b2d99c : 61d80000`00000000 00000000`00000000 61d00000`00000000 6ce80000`0071db83 : nt!KiSwapContext+0x76 fffff880`15edfb40 fffff802`b3b38ddb : fffffa80`03e38168 000006ec`0071db83 00000000`00000000 62680000`0071db83 : nt!KiCommitThreadWait+0x23c fffff880`15edfc00 fffff802`b3ab8209 : fffffa80`03e38168 fffffa80`019bf600 00000000`00000000 00000000`00000000 : nt!KeRemoveQueueEx+0x26b fffff880`15edfcb0 fffff880`15c54aa1 : 00000000`00000002 fffffa80`019bf6c0 62000000`0071db83 64300000`0071db83 : nt!KeRemoveQueue+0x21 fffff880`15edfcf0 fffff802`b3aab535 : fffff802`b3d7f180 fffffa80`03def5c0 6d100000`00000000 00000000`1225b509 : srv2!SrvProcIRPThread+0x51 fffff880`15edfd50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`03def5c0 fffffa80`03df15c0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`15edfda0 00000000`00000000 : fffff880`15ee0000 fffff880`15eda000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003e6eb00 Cid 0004.0700 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e669a8 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015ef4dd0 Current fffff88015ef4970 Base fffff88015ef5000 Limit fffff88015eef000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e6e5c0 Cid 0004.0704 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e66cc8 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015efbdd0 Current fffff88015efb970 Base fffff88015efc000 Limit fffff88015ef6000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e7e040 Cid 0004.0708 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e66648 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015f02dd0 Current fffff88015f02970 Base fffff88015f03000 Limit fffff88015efd000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e7eb00 Cid 0004.070c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffff88015399c18 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015f09dd0 Current fffff88015f09970 Base fffff88015f0a000 Limit fffff88015f04000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80040a8080 Cid 0004.0858 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d10f08 NotificationEvent fffff802b3d10ec8 NotificationEvent fffff802b3d10eb0 NotificationEvent fffff802b3d11190 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740942 Ticks: 186 (0:00:00:02.901) Context Switch Count 4821 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.546 Win32 Start Address nt!PfTLoggingWorker (0xfffff802b3f605a0) Stack Init fffff8801628cdd0 Current fffff8801628c8f0 Base fffff8801628d000 Limit fffff88016287000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1628c930 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 fffffa80`00000000 : nt!KiSwapContext+0x76 fffff880`1628ca70 fffff802`b3b293cd : fffffa80`01cb3000 00000000`00000000 00000000`00000000 fffffa80`63416d4d : nt!KiCommitThreadWait+0x23c fffff880`1628cb30 fffff802`b3f6068f : fffff880`00000004 fffff880`1628cc38 00000000`00000001 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`1628cbe0 fffff802`b3aab535 : fffff880`009e6180 fffffa80`040a8080 fffff802`b3d10ea8 fffffa80`01904300 : nt!PfTLoggingWorker+0xef fffff880`1628cd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`040a8080 fffffa80`01904300 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`1628cda0 00000000`00000000 : fffff880`1628d000 fffff880`16287000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003e14b00 Cid 0004.0924 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001a2e9a0 Semaphore Limit 0x4000 fffffa8001a2e9e8 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 14339 Ticks: 15726789 (2:20:08:59.480) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address igdkmd64!_KmFileIoDeferredFileProcessingThreadRoutine (0xfffff88003ecd5e0) Stack Init fffff880161e2dd0 Current fffff880161e24e0 Base fffff880161e3000 Limit fffff880161dd000 Call 0 Priority 7 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`161e2520 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`161e2660 fffff802`b3b293cd : fffff880`009e6180 fffff802`b3b41e33 00000000`00000000 fffff880`009e6180 : nt!KiCommitThreadWait+0x23c fffff880`161e2720 fffff880`03ecd6b7 : 00000000`00000002 fffff880`161e2838 fffffa80`03e14b00 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`161e27d0 fffff802`b3aab535 : fffffa80`01a2e000 fffff802`b3b2a825 fffffa80`00000000 00000000`14cdc4c7 : igdkmd64!_KmFileIoDeferredFileProcessingThreadRoutine+0xd7 fffff880`161e2d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`03e14b00 fffffa80`03bc8480 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`161e2da0 00000000`00000000 : fffff880`161e3000 fffff880`161dd000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003fe9b00 Cid 0004.0928 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80018a4a90 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15678938 Ticks: 62190 (0:00:16:10.170) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dxgkrnl!DpiPowerArbiterThread (0xfffff880034d2c6c) Stack Init fffff8801636cdd0 Current fffff8801636ca20 Base fffff8801636d000 Limit fffff88016367000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1636ca60 fffff802`b3b2d99c : 00000000`00000003 00000000`00000000 00000000`00000001 00000000`00000008 : nt!KiSwapContext+0x76 fffff880`1636cba0 fffff802`b3b29c1f : 00000000`00000000 fffffa80`038411b0 00000000`00000000 fffff802`b3afa19e : nt!KiCommitThreadWait+0x23c fffff880`1636cc60 fffff880`034d2cd3 : fffffa80`018a4a90 00000000`00000000 fffff880`034d2c00 fffff880`17572a00 : nt!KeWaitForSingleObject+0x1cf fffff880`1636ccf0 fffff802`b3aab535 : fffffa80`018a4a10 fffffa80`03fe9b00 00000000`00000080 fffffa80`018a4040 : dxgkrnl!DpiPowerArbiterThread+0x67 fffff880`1636cd50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`03fe9b00 fffffa80`017ff040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`1636cda0 00000000`00000000 : fffff880`1636d000 fffff880`16367000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80018b6b00 Cid 0004.094c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001899948 SynchronizationEvent fffffa8001899910 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 52310 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:02.152 Win32 Start Address dxgmms1!VidSchiWorkerThread (0xfffff880035bc57c) Stack Init fffff8801638fdd0 Current fffff8801638f850 Base fffff88016390000 Limit fffff8801638a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1638f890 fffff802`b3b2d99c : fffffa80`0384c060 00000000`00000000 fffffa80`01899400 fffffa80`0384b000 : nt!KiSwapContext+0x76 fffff880`1638f9d0 fffff802`b3b293cd : 00000000`00000760 fffffa80`02088000 00000000`00000000 fffffa80`018998a0 : nt!KiCommitThreadWait+0x23c fffff880`1638fa90 fffff880`035bca0f : fffffa80`00000002 fffff880`1638fb98 fffffa80`01899400 00000000`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`1638fb40 fffff880`03587fe5 : ffffffff`ff676980 00000000`00000001 fffff880`1638fca9 fffffa80`01899400 : dxgmms1!VidSchiWaitForSchedulerEvents+0x1d3 fffff880`1638fbe0 fffff880`035bc646 : 00000000`00000000 fffffa80`0196c6f0 fffffa80`03daf780 fffffa80`01899400 : dxgmms1!VidSchiScheduleCommandToRun+0x289 fffff880`1638fd10 fffff802`b3aab535 : fffffa80`018b6b00 fffffa80`01899400 fffff880`009f1dc0 00000000`14dae065 : dxgmms1!VidSchiWorkerThread+0xca fffff880`1638fd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`018b6b00 fffff880`009f1dc0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`1638fda0 00000000`00000000 : fffff880`16390000 fffff880`1638a000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800416db00 Cid 0004.0c1c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d1b0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 1166 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff8801722cdd0 Current fffff8801722c9d0 Base fffff8801722d000 Limit fffff88017227000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1722ca10 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 842d509e`79aa0000 : nt!KiSwapContext+0x76 fffff880`1722cb50 fffff802`b3b38ddb : 00000000`00000000 fffff802`b3f282dc 00000000`00000000 fffff802`b3b07f30 : nt!KiCommitThreadWait+0x23c fffff880`1722cc10 fffff802`b3b3c543 : fffff802`b3d0d1b0 fffff802`b3f28200 fffff802`b3d1f400 fffff802`59706e00 : nt!KeRemoveQueueEx+0x26b fffff880`1722ccc0 fffff802`b3aab535 : fffff880`009e6180 00000000`00000080 fffff802`b3b3c450 fffffa80`0416db00 : nt!ExpWorkerThread+0xf4 fffff880`1722cd50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`0416db00 fffffa80`04160040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`1722cda0 00000000`00000000 : fffff880`1722d000 fffff880`17227000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001f1eb00 Cid 0004.0fb4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736574 Ticks: 4554 (0:00:01:11.042) Context Switch Count 12894 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.358 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88014f95dd0 Current fffff88014f959d0 Base fffff88014f96000 Limit fffff88014f90000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14f95a10 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff880`00000000 fffffa80`02ecaba0 : nt!KiSwapContext+0x76 fffff880`14f95b50 fffff802`b3b38ddb : fffffa80`02f31000 fffff880`049ebc35 00000000`00000000 fffffa80`02e29050 : nt!KiCommitThreadWait+0x23c fffff880`14f95c10 fffff802`b3b3c543 : fffff802`b3d0d0c0 fffffa80`01f1eb00 fffff802`b3aef300 fffff802`b3d0d000 : nt!KeRemoveQueueEx+0x26b fffff880`14f95cc0 fffff802`b3aab535 : fffff802`b3d7f180 00000000`00000080 fffff802`b3b3c450 fffffa80`01f1eb00 : nt!ExpWorkerThread+0xf4 fffff880`14f95d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`01f1eb00 fffff802`b3dd9880 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`14f95da0 00000000`00000000 : fffff880`14f96000 fffff880`14f90000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800406ea40 Cid 0004.0f88 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d160 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741089 Ticks: 39 (0:00:00:00.608) Context Switch Count 1547 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff8801754fdd0 Current fffff8801754f9d0 Base fffff88017550000 Limit fffff8801754a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1754fa10 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff8a0`00000000 00000000`00000148 : nt!KiSwapContext+0x76 fffff880`1754fb50 fffff802`b3b38ddb : 00000000`00000000 fffff880`1754fc50 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1754fc10 fffff802`b3b3c543 : fffff802`b3d0d160 fffff802`b3ae7000 fffff802`b3d1fa00 00000000`00000000 : nt!KeRemoveQueueEx+0x26b fffff880`1754fcc0 fffff802`b3aab535 : 00000000`00000000 00000000`00000080 fffff802`b3b3c450 fffffa80`0406ea40 : nt!ExpWorkerThread+0xf4 fffff880`1754fd50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`0406ea40 fffffa80`02640b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`1754fda0 00000000`00000000 : fffff880`17550000 fffff880`1754a000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003fb7040 Cid 0004.0f8c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15734339 Ticks: 6789 (0:00:01:45.909) Context Switch Count 18574 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:04.461 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f33dd0 Current fffff88015f339d0 Base fffff88015f34000 Limit fffff88015f2e000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15f33a10 fffff802`b3b2d99c : fffff802`00000001 00000000`00000000 fffffa80`00000001 fffffa80`032061a0 : nt!KiSwapContext+0x76 fffff880`15f33b50 fffff802`b3b38ddb : fffff802`b3d0d000 fffffa80`02dbb1b0 00000000`00000000 fffff802`b3b0d4c4 : nt!KiCommitThreadWait+0x23c fffff880`15f33c10 fffff802`b3b3c543 : fffff802`b3d0d110 fffffa80`03fb7000 fffff802`b3aef300 fffff802`b3b0d400 : nt!KeRemoveQueueEx+0x26b fffff880`15f33cc0 fffff802`b3aab535 : fffff880`00000001 00000000`00000080 fffff802`b3b3c450 fffffa80`03fb7040 : nt!ExpWorkerThread+0xf4 fffff880`15f33d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`03fb7040 fffffa80`01846a80 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`15f33da0 00000000`00000000 : fffff880`15f34000 fffff880`15f2e000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001e8a3c0 Cid 0004.0d54 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 1236 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:02.137 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f3add0 Current fffff88015f3a9d0 Base fffff88015f3b000 Limit fffff88015f35000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15f3aa10 fffff802`b3b2d99c : 00000000`00000018 00000000`00000000 fffffa80`033d8aa0 fffff802`b3cf72ba : nt!KiSwapContext+0x76 fffff880`15f3ab50 fffff802`b3b38ddb : fffff802`b3d0d000 fffffa80`033d8ab0 00000000`00000000 fffffa80`03b33060 : nt!KiCommitThreadWait+0x23c fffff880`15f3ac10 fffff802`b3b3c543 : fffff802`b3d0d110 fffffa80`01e8a300 fffff802`b3aef300 fffff802`b3b0d400 : nt!KeRemoveQueueEx+0x26b fffff880`15f3acc0 fffff802`b3aab535 : ab401ff4`55a00ffa 00000000`00000080 fffff802`b3b3c450 fffffa80`01e8a3c0 : nt!ExpWorkerThread+0xf4 fffff880`15f3ad50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`01e8a3c0 fffffa80`031c7040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`15f3ada0 00000000`00000000 : fffff880`15f3b000 fffff880`15f35000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001da2380 Cid 0004.0f28 Teb: 0000000000000000 Win32Thread: 0000000000000000 READY on processor 1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 2738 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:06.427 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f41dd0 Current fffff88015f419d0 Base fffff88015f42000 Limit fffff88015f3c000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15f41a10 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15f41b50 fffff802`b3b38ddb : 00000000`00000000 fffff802`b3dd8860 00000000`00000000 fffff880`01abb3a0 : nt!KiCommitThreadWait+0x23c fffff880`15f41c10 fffff802`b3b3c543 : fffff802`b3d0d110 fffff802`b3d6e800 fffff802`b3d0d100 fffff802`b3b0d400 : nt!KeRemoveQueueEx+0x26b fffff880`15f41cc0 fffff802`b3aab535 : fffffa80`026471b0 00000000`00000080 fffff802`b3b3c450 fffffa80`01da2380 : nt!ExpWorkerThread+0xf4 fffff880`15f41d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`01da2380 fffffa80`01e8a3c0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`15f41da0 00000000`00000000 : fffff880`15f42000 fffff880`15f3c000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8003da1b00 Cid 0004.0eb0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741099 Ticks: 29 (0:00:00:00.452) Context Switch Count 8016 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.358 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f87dd0 Current fffff88015f879d0 Base fffff88015f88000 Limit fffff88015f82000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15f87a10 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff880`00000001 fffff880`15f87be0 : nt!KiSwapContext+0x76 fffff880`15f87b50 fffff802`b3b38ddb : fffffa80`02f31000 fffff880`049ebc35 00000000`00000000 fffffa80`02e29050 : nt!KiCommitThreadWait+0x23c fffff880`15f87c10 fffff802`b3b3c543 : fffff802`b3d0d0c0 fffffa80`03da1b00 fffff802`b3aef300 fffff802`b3d0d000 : nt!KeRemoveQueueEx+0x26b fffff880`15f87cc0 fffff802`b3aab535 : 00000000`00000000 00000000`00000080 fffff802`b3b3c450 fffffa80`03da1b00 : nt!ExpWorkerThread+0xf4 fffff880`15f87d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`03da1b00 fffffa80`02150040 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`15f87da0 00000000`00000000 : fffff880`15f88000 fffff880`15f82000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80037195c0 Cid 0004.0eb8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 724 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:02.137 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016014dd0 Current fffff880160149d0 Base fffff88016015000 Limit fffff8801600f000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`16014a10 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff8a0`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`16014b50 fffff802`b3b38ddb : fffffa80`01a6cc00 fffff880`036c835d 00000000`00000000 00000000`00000001 : nt!KiCommitThreadWait+0x23c fffff880`16014c10 fffff802`b3b3c543 : fffff802`b3d0d110 fffffa80`03719500 fffffa80`03f36800 fffff802`b3d0d100 : nt!KeRemoveQueueEx+0x26b fffff880`16014cc0 fffff802`b3aab535 : 00000000`000204c6 00000000`00000080 fffff802`b3b3c450 fffffa80`037195c0 : nt!ExpWorkerThread+0xf4 fffff880`16014d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`037195c0 fffffa80`03785b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`16014da0 00000000`00000000 : fffff880`16015000 fffff880`1600f000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8002353b00 Cid 0004.0f1c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15720041 Ticks: 21087 (0:00:05:28.959) Context Switch Count 2281 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.062 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016030dd0 Current fffff880160309d0 Base fffff88016031000 Limit fffff8801602b000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`16030a10 fffff802`b3b2d99c : fffff802`b3b0d4c0 00000000`00000000 00000000`00000000 fffffa80`021289b0 : nt!KiSwapContext+0x76 fffff880`16030b50 fffff802`b3b38ddb : fffffa80`02f31000 fffff880`049ebc35 00000000`00000000 fffffa80`02e29050 : nt!KiCommitThreadWait+0x23c fffff880`16030c10 fffff802`b3b3c543 : fffff802`b3d0d0c0 fffffa80`02353b00 fffff802`b3aef300 fffff802`b3b0d400 : nt!KeRemoveQueueEx+0x26b fffff880`16030cc0 fffff802`b3aab535 : fffff880`00000001 00000000`00000080 fffff802`b3b3c450 fffffa80`02353b00 : nt!ExpWorkerThread+0xf4 fffff880`16030d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`02353b00 fffffa80`01e26800 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`16030da0 00000000`00000000 : fffff880`16031000 fffff880`1602b000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8002128840 Cid 0004.0ef8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736573 Ticks: 4555 (0:00:01:11.058) Context Switch Count 454 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016037dd0 Current fffff880160379d0 Base fffff88016038000 Limit fffff88016032000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`16037a10 fffff802`b3b2d99c : fffff802`b3b0d4c0 00000000`00000000 00000000`00000000 fffffa80`01f1ec70 : nt!KiSwapContext+0x76 fffff880`16037b50 fffff802`b3b38ddb : fffffa80`02f31000 fffff880`049ebc35 00000000`00000000 fffffa80`02e29050 : nt!KiCommitThreadWait+0x23c fffff880`16037c10 fffff802`b3b3c543 : fffff802`b3d0d0c0 fffffa80`02128800 fffff802`b3aef300 fffff802`b3d0d000 : nt!KeRemoveQueueEx+0x26b fffff880`16037cc0 fffff802`b3aab535 : 00000000`00020bcd 00000000`00000080 fffff802`b3b3c450 fffffa80`02128840 : nt!ExpWorkerThread+0xf4 fffff880`16037d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`02128840 fffffa80`02353b00 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`16037da0 00000000`00000000 : fffff880`16038000 fffff880`16032000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa800236cb00 Cid 0004.0ebc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800183bbc5 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15733088 Ticks: 8040 (0:00:02:05.424) Context Switch Count 24255 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:03.026 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016076dd0 Current fffff880160761a0 Base fffff88016077000 Limit fffff88016071000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`160761e0 fffff802`b3b2d99c : 00001f80`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`16076320 fffff802`b3b29c1f : 00000000`00000000 000007fe`f7ee34e0 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`160763e0 fffffa80`01b883d3 : fffffa80`0183bbc5 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`16076470 fffffa80`0183bbc5 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff880`00000002 : 0xfffffa80`01b883d3 fffff880`16076478 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff880`00000002 00000000`00000000 : 0xfffffa80`0183bbc5 THREAD fffffa8002376b00 Cid 0004.0d8c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015) Context Switch Count 18608 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.452 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff880160a0dd0 Current fffff880160a09d0 Base fffff880160a1000 Limit fffff8801609b000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`160a0a10 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 00000000`00000002 : nt!KiSwapContext+0x76 fffff880`160a0b50 fffff802`b3b38ddb : fffffa80`027af2b8 fffff880`049ebc35 00000000`00000000 fffff880`01c6f232 : nt!KiCommitThreadWait+0x23c fffff880`160a0c10 fffff802`b3b3c543 : fffff802`b3d0d0c0 fffff880`01c6ef00 fffffa80`027af900 fffff802`b3d0d000 : nt!KeRemoveQueueEx+0x26b fffff880`160a0cc0 fffff802`b3aab535 : 00000000`00022579 00000000`00000080 fffff802`b3b3c450 fffffa80`02376b00 : nt!ExpWorkerThread+0xf4 fffff880`160a0d50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`02376b00 fffffa80`03ed49c0 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`160a0da0 00000000`00000000 : fffff880`160a1000 fffff880`1609b000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa8001ee6b00 Cid 0004.0f64 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15718535 Ticks: 22593 (0:00:05:52.453) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff880173e9dd0 Current fffff880173e99d0 Base fffff880173ea000 Limit fffff880173e4000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`173e9a10 fffff802`b3b2d99c : fffff802`b3b0d4c0 00000000`00000000 00000000`00000000 fffffa80`021289b0 : nt!KiSwapContext+0x76 fffff880`173e9b50 fffff802`b3b38ddb : fffffa80`02f31000 fffff880`049ebc35 00000000`00000000 fffffa80`02e29050 : nt!KiCommitThreadWait+0x23c fffff880`173e9c10 fffff802`b3b3c543 : fffff802`b3d0d0c0 fffffa80`01ee6b00 fffff802`b3aef300 fffff802`b3a39f00 : nt!KeRemoveQueueEx+0x26b fffff880`173e9cc0 fffff802`b3aab535 : fffffa80`026471b0 00000000`00000080 fffff802`b3b3c450 fffffa80`01ee6b00 : nt!ExpWorkerThread+0xf4 fffff880`173e9d50 fffff802`b3ae9e16 : fffff880`009e6180 fffffa80`01ee6b00 fffffa80`01823980 fffffa80`0182e480 : nt!PspSystemThreadStartup+0x59 fffff880`173e9da0 00000000`00000000 : fffff880`173ea000 fffff880`173e4000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 PROCESS fffffa8002d78500 SessionId: none Cid: 011c Peb: 7f6a68af000 ParentCid: 0004 DirBase: 06696000 ObjectTable: fffff8a000b3b840 HandleCount: Image: smss.exe THREAD fffffa8002dd1b00 Cid 011c.0120 Teb: 000007f6a68ad000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002e6b1c0 ProcessObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d78500 Image: smss.exe Attached Process N/A Image: N/A Wait Start TickCount 4944 Ticks: 15736184 (2:20:11:26.043) Context Switch Count 548 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.436 Win32 Start Address 0x000007f6a6b5bf10 Stack Init fffff88003001dd0 Current fffff880030010f0 Base fffff88003002000 Limit fffff88002ffc000 Call 0 Priority 13 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800209c440 Cid 011c.0ff0 Teb: 000007f6a68ab000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002db4d00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d78500 Image: smss.exe Attached Process N/A Image: N/A Wait Start TickCount 65560 Ticks: 15675568 (2:19:55:40.428) Context Switch Count 30 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880165f1dd0 Current fffff880165f1760 Base fffff880165f2000 Limit fffff880165ec000 Call 0 Priority 11 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`165f17a0 fffff802`b3b2d99c : fffff880`00000000 00000000`00000000 000007fe`00000000 00000000`00000230 : nt!KiSwapContext+0x76 fffff880`165f18e0 fffff802`b3b38ddb : 00000000`00000070 fffff802`b3e8eae7 00000000`00000000 fffff880`165f1a10 : nt!KiCommitThreadWait+0x23c fffff880`165f19a0 fffff802`b3ed0b6c : fffffa80`02db4d00 fffffa80`0209c401 00000000`00000001 000000cf`0bfaf500 : nt!KeRemoveQueueEx+0x26b fffff880`165f1a50 fffff802`b3b434d5 : fffffa80`02db4d00 000000cf`0be32610 fffff880`165f1b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`165f1ae0 fffff802`b3b02d53 : 00000000`00000014 000000cf`0be32610 fffff880`00000010 000000cf`0bfaf5d0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`165f1c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165f1c40) 000000cf`0bfaf578 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001d37700 Cid 011c.0d18 Teb: 000007f6a68a7000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002db4d00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d78500 Image: smss.exe Attached Process N/A Image: N/A Wait Start TickCount 65560 Ticks: 15675568 (2:19:55:40.428) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003035dd0 Current fffff88003035760 Base fffff88003036000 Limit fffff88003030000 Call 0 Priority 11 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`030357a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`030358e0 fffff802`b3b38ddb : fffffa80`02db4d00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`030359a0 fffff802`b3ed0b6c : fffffa80`02db4d00 fffffa80`01d37701 00000000`00000001 000000cf`0c0af800 : nt!KeRemoveQueueEx+0x26b fffff880`03035a50 fffff802`b3b434d5 : fffffa80`02db4d00 000000cf`0be3c710 fffff880`03035b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`03035ae0 fffff802`b3b02d53 : 00000000`00000014 000000cf`0be3c710 000000cf`00000010 000000cf`0c0af800 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03035c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03035c40) 000000cf`0c0af7a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8002e6b1c0 SessionId: 0 Cid: 0190 Peb: 7f7688e8000 ParentCid: 0188 DirBase: 114d5000 ObjectTable: fffff8a001c6c680 HandleCount: Image: csrss.exe THREAD fffffa80032b0600 Cid 0190.01ac Teb: 000007f7688ec000 Win32Thread: fffff901006ddb90 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa80032b09a8 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a0023e4b90 : queued at port fffffa8003781330 : owned by process fffffa8003740540 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4e21cb0 Stack Init fffff88003dacdd0 Current fffff88003dac660 Base fffff88003dad000 Limit fffff88003da7000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03dac6a0 fffff802`b3b2d99c : fffffa80`032b0600 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03dac7e0 fffff802`b3b29c1f : fffffa80`037804f0 00000000`00000000 00000000`00000000 fffffa80`03781330 : nt!KiCommitThreadWait+0x23c fffff880`03dac8a0 fffff802`b3af1a0a : fffffa80`032b09a8 fffffa80`00000011 ffffffff`00000001 00000000`00e09c00 : nt!KeWaitForSingleObject+0x1cf fffff880`03dac930 fffff802`b3ebbbd6 : 00000000`00000000 fffffa80`032b09a8 00000000`00000001 00000000`00000000 : nt!AlpcpSignalAndWait+0x34a fffff880`03dac9e0 fffff802`b3ebb762 : fffffa80`037804f0 000007fe`f4e38200 00000000`00000000 000007fe`00000001 : nt!AlpcpReceiveSynchronousReply+0x46 fffff880`03daca40 fffff802`b3ec19c2 : fffffa80`037804f0 fffff960`00020000 000007fe`f4e38200 00000000`00000000 : nt!AlpcpProcessSynchronousRequest+0x350 fffff880`03dacb20 fffff802`b3b02d53 : fffffa80`032b0600 fffff880`03daccc0 fffff880`03dacbe8 00000000`00000018 : nt!NtAlpcSendWaitReceivePort+0x172 fffff880`03dacbd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dacc40) 00000016`85bdfa38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa8002e6a940 Cid 0190.01b0 Teb: 000007f7688ea000 Win32Thread: fffff901006c1b90 WAIT: (UserRequest) UserMode Alertable fffffa800279a6c0 SynchronizationEvent fffffa80031b6be0 SynchronizationEvent fffffa8002e4b7a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4e21630 Stack Init fffff88003dbadd0 Current fffff88003dba180 Base fffff88003dbb000 Limit fffff88003db5000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03dba1c0 fffff802`b3b2d99c : fffffa80`02e6a940 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03dba300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`03dba3c0 fffff802`b3eca2ac : 00000000`00000003 fffff880`03dba540 fffffa80`02e4b7a0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`03dba470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 fffff8a0`01c6c680 : nt!ObWaitForMultipleObjects+0x29c fffff880`03dba980 fffff802`b3b02d53 : fffffa80`02e6a940 00000016`85c1fb88 fffff880`03dbabe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`03dbabd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dbac40) 00000016`85c1fb68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80019ccb00 Cid 0190.01b4 Teb: 000007f7688e6000 Win32Thread: fffff901000c4b90 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80019ccea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740979 Ticks: 149 (0:00:00:02.324) Context Switch Count 1385 IdealProcessor: 0 UserTime 00:00:00.140 KernelTime 00:00:00.078 Win32 Start Address 0x000007fef4e84a3c Stack Init fffff88003db3dd0 Current fffff88003db3750 Base fffff88003db4000 Limit fffff88003dae000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03db3790 fffff802`b3b2d99c : fffffa80`019ccb00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03db38d0 fffff802`b3b29c1f : fffff8a0`00000070 000007f7`688e6000 00000000`00000000 00000000`74636553 : nt!KiCommitThreadWait+0x23c fffff880`03db3990 fffff802`b3ee4c70 : fffffa80`019ccea8 fffff802`00000010 fffff8a0`018fd201 fffff802`b3ec9700 : nt!KeWaitForSingleObject+0x1cf fffff880`03db3a20 fffff802`b3eb9bd4 : 00000000`60000000 000007f7`688e6001 00000000`00000000 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`03db3a90 fffff802`b3ec1949 : fffffa80`02ed6960 00000000`00000000 fffffa80`02ed6960 00000000`00000000 : nt!AlpcpReceiveMessage+0x2e2 fffff880`03db3b20 fffff802`b3b02d53 : fffffa80`019ccb00 fffff880`03db3cc0 fffff880`03db3be8 00000000`ffffffff : nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`03db3bd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03db3c40) 00000016`85c5f4c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa8002e8cb00 Cid 0190.01b8 Teb: 000007f7688e4000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002e8cea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4e83d10 Stack Init fffff88003dc1dd0 Current fffff88003dc17a0 Base fffff88003dc2000 Limit fffff88003dbc000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03dc17e0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff802`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03dc1920 fffff802`b3b29c1f : 00000000`00000000 00000016`85c9f6e0 00000000`00000000 fffffa80`02db7e40 : nt!KiCommitThreadWait+0x23c fffff880`03dc19e0 fffff802`b3ee4c70 : fffffa80`02e8cea8 00000008`00000010 fffffa80`02dcd101 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`03dc1a70 fffff802`b3ef350d : 00000016`85c9f700 fffff8a0`00000001 fffff880`03dc1c00 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`03dc1ae0 fffff802`b3ef334b : fffffa80`019cc8e0 00000016`85c9f700 00000000`00000000 fffff8a0`01c46790 : nt!AlpcpReceiveLegacyMessage+0x11c fffff880`03dc1b70 fffff802`b3ef31f3 : fffffa80`02e8cb00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReplyWaitReceivePortEx+0xca fffff880`03dc1c00 fffff802`b3b02d53 : 00000000`00000001 00000016`85cd0000 00000000`00000001 fffffa80`02e8b5c0 : nt!NtReplyWaitReceivePort+0xf fffff880`03dc1c40 000007fe`f7ec2c9a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dc1c40) 00000016`85c9f6a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtReplyWaitReceivePort+0xa THREAD fffffa8002ecc9c0 Cid 0190.01d8 Teb: 000007f7688ee000 Win32Thread: fffff901001a5450 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002eccd68 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740979 Ticks: 149 (0:00:00:02.324) Context Switch Count 1291 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.046 Win32 Start Address 0x000007fef4e84a3c Stack Init fffff88003dd1dd0 Current fffff88003dd1750 Base fffff88003dd2000 Limit fffff88003dcc000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03dd1790 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff802`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03dd18d0 fffff802`b3b29c1f : 00000000`fffefffd fffffa80`03731d50 00000000`00000000 fffff802`b3ebb316 : nt!KiCommitThreadWait+0x23c fffff880`03dd1990 fffff802`b3ee4c70 : fffffa80`02eccd68 fffff802`00000010 fffff8a0`018fd201 fffff802`b3ec9700 : nt!KeWaitForSingleObject+0x1cf fffff880`03dd1a20 fffff802`b3eb9bd4 : 00000000`60000000 000007f7`688ee001 00000000`00000000 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`03dd1a90 fffff802`b3ec1949 : fffffa80`02ed6960 00000000`00000000 fffffa80`02ed6960 00000000`00000000 : nt!AlpcpReceiveMessage+0x2e2 fffff880`03dd1b20 fffff802`b3b02d53 : fffffa80`02ecc9c0 fffff880`03dd1cc0 fffff880`03dd1be8 fffffa80`02ecc9c0 : nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`03dd1bd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dd1c40) 00000016`8612f488 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa800368ab00 Cid 0190.0210 Teb: 000007f7687be000 Win32Thread: fffff901001a3b90 WAIT: (WrUserRequest) KernelMode Alertable fffffa800367bb50 SynchronizationEvent fffffa800367b970 NotificationTimer fffffa800367b920 SynchronizationTimer fffff802b3d20c20 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 307 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4e22bd0 Stack Init fffff88003deddd0 Current fffff88003ded810 Base fffff88003dee000 Limit fffff88003de8000 Call 0 Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03ded850 fffff802`b3b2d99c : fffffa80`0368ab00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03ded990 fffff802`b3b293cd : fffffa80`000000f2 00000000`00000001 00000000`00000000 00000000`000493e0 : nt!KiCommitThreadWait+0x23c fffff880`03deda50 fffff960`00152571 : 00000000`00000004 fffffa80`0367ba90 00000000`00000001 fffff960`0000000d : nt!KeWaitForMultipleObjects+0x25d fffff880`03dedb00 fffff960`001902d0 : 00000000`00000010 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!RawInputThread+0x695 fffff880`03dedbe0 fffff960`001376ff : 00000000`00000002 fffff880`03c68200 fffff880`03dedcc0 00000000`00000000 : win32k!xxxCreateSystemThreads+0x48 fffff880`03dedc10 fffff802`b3b02d53 : 00000000`00000006 00000000`00000020 000007f7`687be000 fffffa80`0368ab00 : win32k!NtUserCallNoParam+0x17f fffff880`03dedc40 000007fe`f4e2180a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dedc40) 00000016`8616fea8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fe`f4e2180a THREAD fffffa800367fb00 Cid 0190.0214 Teb: 000007f7687bc000 Win32Thread: fffff901001a3610 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa800367b8f0 SynchronizationEvent fffffa8002eec1f0 SynchronizationEvent fffffa80036828e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 38 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4e22bd0 Stack Init fffff8801501bdd0 Current fffff8801501b7e0 Base fffff8801501c000 Limit fffff88015016000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1501b820 fffff802`b3b2d99c : fffffa80`0367fb00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1501b960 fffff802`b3b293cd : fffffa80`036839d8 00000000`00000001 00000000`00000000 fffffa80`036839d0 : nt!KiCommitThreadWait+0x23c fffff880`1501ba20 fffff960`000f6d4b : fffff901`00000003 fffffa80`0367b8c0 fffff901`001a3610 00000000`0000000d : nt!KeWaitForMultipleObjects+0x25d fffff880`1501bad0 fffff960`000f6fe6 : 00000000`00000000 00000000`00000001 fffff960`0040ec00 fffffa80`0367b8c0 : win32k!xxxDesktopThreadWaiter+0x107 fffff880`1501bb50 fffff960`001902e0 : 00000000`00000001 00000000`0000000c fffff960`001e21f0 fffff901`001a3470 : win32k!xxxDesktopThread+0x1e6 fffff880`1501bbe0 fffff960`001376ff : 00000000`00000001 fffff960`0040ec00 fffff880`1501bcc0 00000000`00000000 : win32k!xxxCreateSystemThreads+0x58 fffff880`1501bc10 fffff802`b3b02d53 : 00000000`00000006 00000000`00000020 000007f7`687bc000 fffffa80`0367fb00 : win32k!NtUserCallNoParam+0x17f fffff880`1501bc40 000007fe`f4e2180a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1501bc40) 00000016`861af898 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fe`f4e2180a THREAD fffffa8003799b00 Cid 0190.02f8 Teb: 000007f7687ba000 Win32Thread: fffff901000bb580 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80037999f0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4e22bd0 Stack Init fffff8801512cdd0 Current fffff8801512c750 Base fffff8801512d000 Limit fffff88015127000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1512c790 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff802`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1512c8d0 fffff802`b3b29c1f : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`1512cb10 : nt!KiCommitThreadWait+0x23c fffff880`1512c990 fffff802`b3b2943e : fffffa80`037999f0 00000000`0000000d fffffa80`03683901 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1512ca20 fffff960`000f6d4b : fffff901`00000001 fffffa80`036e4170 00000000`00000001 fffff901`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`1512cad0 fffff960`000f6fe6 : 00000000`00000000 00000000`00000001 fffff960`00410e50 fffffa80`036e4170 : win32k!xxxDesktopThreadWaiter+0x107 fffff880`1512cb50 fffff960`001902e0 : 00000000`00000001 00000000`0000000c 00000000`00000000 fffff901`001d05c0 : win32k!xxxDesktopThread+0x1e6 fffff880`1512cbe0 fffff960`001376ff : 00000000`00000001 fffff960`00410e50 fffff880`1512ccc0 00000000`00000000 : win32k!xxxCreateSystemThreads+0x58 fffff880`1512cc10 fffff802`b3b02d53 : 00000000`00000006 00000000`00000020 000007f7`687ba000 fffffa80`03799b00 : win32k!NtUserCallNoParam+0x17f fffff880`1512cc40 000007fe`f4e2180a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1512cc40) 00000016`8772f988 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fe`f4e2180a THREAD fffffa8001eec080 Cid 0190.0258 Teb: 000007f7687b4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dbd180 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016373dd0 Current fffff88016373760 Base fffff88016374000 Limit fffff8801636e000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`163737a0 fffff802`b3b2d99c : fffffa80`01eec080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`163738e0 fffff802`b3b38ddb : fffffa80`03dbd180 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`163739a0 fffff802`b3ed0b6c : fffffa80`03dbd180 fffffa80`01eec001 00000000`00000001 00000016`87c7fc00 : nt!KeRemoveQueueEx+0x26b fffff880`16373a50 fffff802`b3b434d5 : fffffa80`03dbd180 00000016`85cee270 fffff880`16373b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`16373ae0 fffff802`b3b02d53 : 00000000`00000240 00000016`85cee270 00000016`00000010 00000016`87c7fca0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16373c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16373c40) 00000016`87c7fc48 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8002e7b940 SessionId: 0 Cid: 01c4 Peb: 7f6f01fc000 ParentCid: 0188 DirBase: 2449b000 ObjectTable: fffff8a00156ed80 HandleCount: Image: wininit.exe THREAD fffffa8002e8b5c0 Cid 01c4.01c8 Teb: 000007f6f01fe000 Win32Thread: fffff901000d4820 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003686d60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e7b940 Image: wininit.exe Attached Process N/A Image: N/A Wait Start TickCount 7115 Ticks: 15734013 (2:20:10:52.175) Context Switch Count 2948 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.358 Win32 Start Address 0x000007f6f0915c8c Stack Init fffff88003c68dd0 Current fffff88003c68900 Base fffff88003c69000 Limit fffff88003c63000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80041acb00 Cid 01c4.0e20 Teb: 000007f6f01fa000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002e6bd40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e7b940 Image: wininit.exe Attached Process N/A Image: N/A Wait Start TickCount 65543 Ticks: 15675585 (2:19:55:40.693) Context Switch Count 43 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015f6bdd0 Current fffff88015f6b760 Base fffff88015f6c000 Limit fffff88015f66000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15f6b7a0 fffff802`b3b2d99c : 000000e7`16caf602 00000000`00000000 fffffa80`01f80c70 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15f6b8e0 fffff802`b3b38ddb : fffff8a0`0849bbe0 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`15f6b9a0 fffff802`b3ed0b6c : fffffa80`02e6bd40 fffffa80`041acb01 00000000`00000001 000000e7`16caf900 : nt!KeRemoveQueueEx+0x26b fffff880`15f6ba50 fffff802`b3b434d5 : fffffa80`02e6bd40 000000e7`16ad3330 fffff880`15f6bb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`15f6bae0 fffff802`b3b02d53 : 00000000`00000068 000000e7`16ad3330 000000e7`00000010 000000e7`16caf930 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15f6bc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f6bc40) 000000e7`16caf8d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa80033c3080 SessionId: 0 Cid: 0220 Peb: 7f75ab5d000 ParentCid: 01c4 DirBase: 2e23b000 ObjectTable: fffff8a0016a32c0 HandleCount: Image: services.exe THREAD fffffa800372cb00 Cid 0220.0278 Teb: 000007f75ab53000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e1e760 SynchronizationEvent fffffa8003715800 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15736073 Ticks: 5055 (0:00:01:18.858) Context Switch Count 681 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef493cb10 Stack Init fffff8801507ddd0 Current fffff8801507d180 Base fffff8801507e000 Limit fffff88015078000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1507d1c0 fffff802`b3b2d99c : fffff880`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1507d300 fffff802`b3b293cd : 00000000`00140001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1507d3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1507d540 fffffa80`03715800 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1507d470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`1507d980 fffff802`b3b02d53 : fffffa80`0372cb00 00000069`8401f728 fffff880`1507dbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1507dbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1507dc40) 00000069`8401f708 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003746640 Cid 0220.02a4 Teb: 000007f75aa2a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003743080 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 12509 Ticks: 15728619 (2:20:09:28.028) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150cadd0 Current fffff880150ca760 Base fffff880150cb000 Limit fffff880150c5000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cc5b00 Cid 0220.0ab4 Teb: 000007f75aa2e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80038142e0 NotificationEvent fffffa8002cf71c0 ProcessObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15680792 Ticks: 60336 (0:00:15:41.247) Context Switch Count 157 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f09dd0 Current fffff88014f09180 Base fffff88014f0a000 Limit fffff88014f04000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14f091c0 fffff802`b3b2d99c : fffffa80`03b0a200 00000000`00000000 00000002`03de5b00 fffff880`009e6180 : nt!KiSwapContext+0x76 fffff880`14f09300 fffff802`b3b293cd : fffff880`0153b010 fffff880`14f095b0 00000000`00000000 fffff880`14f094d8 : nt!KiCommitThreadWait+0x23c fffff880`14f093c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`14f09540 fffffa80`02cf71c0 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14f09470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`01c17a30 : nt!ObWaitForMultipleObjects+0x29c fffff880`14f09980 fffff802`b3b02d53 : fffffa80`01cc5b00 00000069`8409f628 fffff880`14f09be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14f09bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f09c40) 00000069`8409f608 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001cfdb00 Cid 0220.0284 Teb: 000007f75ab59000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800371d980 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 294 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880165c9dd0 Current fffff880165c9760 Base fffff880165ca000 Limit fffff880165c4000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`165c97a0 fffff802`b3b2d99c : 00000069`83e9f802 00000000`00000000 fffffa80`04182c70 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`165c98e0 fffff802`b3b38ddb : fffff8a0`01e4dcf0 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`165c99a0 fffff802`b3ed0b6c : fffffa80`0371d980 fffffa80`01cfdb01 00000000`00000001 00000069`83e9fa00 : nt!KeRemoveQueueEx+0x26b fffff880`165c9a50 fffff802`b3b434d5 : fffffa80`0371d980 00000069`83d46730 fffff880`165c9b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`165c9ae0 fffff802`b3b02d53 : 00000000`000000c0 00000069`83d46730 00000069`00000010 00000069`83e9faf0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`165c9c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165c9c40) 00000069`83e9fa98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002669080 Cid 0220.07cc Teb: 000007f75aa24000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800370d800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15738591 Ticks: 2537 (0:00:00:39.577) Context Switch Count 63 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017053dd0 Current fffff88017053760 Base fffff88017054000 Limit fffff8801704e000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`170537a0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`170538e0 fffff802`b3b38ddb : fffffa80`03e30000 fffffa80`00000000 00000000`00000000 fffff880`17053a30 : nt!KiCommitThreadWait+0x23c fffff880`170539a0 fffff802`b3ed0b6c : fffffa80`0370d800 fffffa80`02669001 00000000`00000001 00000069`8440f500 : nt!KeRemoveQueueEx+0x26b fffff880`17053a50 fffff802`b3b434d5 : fffffa80`0370d800 00000069`83d43bb0 fffff880`17053b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`17053ae0 fffff802`b3b02d53 : 00000000`0000012c 00000069`83d43bb0 fffff880`00000010 00000069`8440f5c0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17053c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17053c40) 00000069`8440f568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002664b00 Cid 0220.097c Teb: 000007f75ab5e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800371d980 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 53 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164e9dd0 Current fffff880164e9760 Base fffff880164ea000 Limit fffff880164e4000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`164e97a0 fffff802`b3b2d99c : fffff8a0`07f5bcf0 00000000`00000000 fffffa80`04182c70 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`164e98e0 fffff802`b3b38ddb : fffff8a0`01e4dcf0 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`164e99a0 fffff802`b3ed0b6c : fffffa80`0371d980 fffffa80`02664b01 00000000`00000001 00000069`8376fb00 : nt!KeRemoveQueueEx+0x26b fffff880`164e9a50 fffff802`b3b434d5 : fffffa80`0371d980 00000069`83d45510 fffff880`164e9b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`164e9ae0 fffff802`b3b02d53 : 00000000`000000c0 00000069`83d45510 00000069`00000010 00000069`8376fb70 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`164e9c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164e9c40) 00000069`8376fb18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002d2c700 Cid 0220.0ca4 Teb: 000007f75ab5b000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800371d980 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15733062 Ticks: 8066 (0:00:02:05.830) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164f2dd0 Current fffff880164f2760 Base fffff880164f3000 Limit fffff880164ed000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`164f27a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`164f28e0 fffff802`b3b38ddb : fffffa80`0371d980 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`164f29a0 fffff802`b3ed0b6c : fffffa80`0371d980 fffffa80`02d2c701 00000000`00000001 00000069`83e1f900 : nt!KeRemoveQueueEx+0x26b fffff880`164f2a50 fffff802`b3b434d5 : fffffa80`0371d980 00000069`83d458b0 fffff880`164f2b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`164f2ae0 fffff802`b3b02d53 : 00000000`000000c0 00000069`83d458b0 00000069`00000010 00000069`83e1f920 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`164f2c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164f2c40) 00000069`83e1f8c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80018f5b00 Cid 0220.05f0 Teb: 000007f75aa28000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800370d800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15736073 Ticks: 5055 (0:00:01:18.858) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164e1dd0 Current fffff880164e1760 Base fffff880164e2000 Limit fffff880164dc000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`164e17a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 000007fe`00000001 00000069`8388dab0 : nt!KiSwapContext+0x76 fffff880`164e18e0 fffff802`b3b38ddb : fffffa80`02dd6370 00000000`00000000 00000000`00000000 fffff880`164e1a80 : nt!KiCommitThreadWait+0x23c fffff880`164e19a0 fffff802`b3ed0b6c : fffffa80`0370d800 fffffa80`018f5b01 00000000`00000001 00000069`8430f900 : nt!KeRemoveQueueEx+0x26b fffff880`164e1a50 fffff802`b3b434d5 : fffffa80`0370d800 00000069`83d45c50 fffff880`164e1b80 fffffa80`02dd6370 : nt!IoRemoveIoCompletion+0x4c fffff880`164e1ae0 fffff802`b3b02d53 : 00000000`0000012c 00000069`83d45c50 00000069`00000010 00000069`8430f9d0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`164e1c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164e1c40) 00000069`8430f978 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8003694940 SessionId: 0 Cid: 0228 Peb: 7f6f354f000 ParentCid: 01c4 DirBase: 2e64e000 ObjectTable: fffff8a0016aca40 HandleCount: Image: lsass.exe THREAD fffffa8003672080 Cid 0228.0230 Teb: 000007f6f354b000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8003672428 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15680668 Ticks: 60460 (0:00:15:43.182) Context Switch Count 102 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f6f3891040 Stack Init fffff88015029dd0 Current fffff880150297a0 Base fffff8801502a000 Limit fffff88015024000 Call 0 Priority 10 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`150297e0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`03698090 00000000`00000001 : nt!KiSwapContext+0x76 fffff880`15029920 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`150299e0 fffff802`b3ee4c70 : fffffa80`03672428 fffffa80`00000010 fffffa80`031c7101 fffff802`b3ec9700 : nt!KeWaitForSingleObject+0x1cf fffff880`15029a70 fffff802`b3ef350d : 00000022`79b7fa90 00000000`00000001 00000000`00000000 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`15029ae0 fffff802`b3ef334b : fffffa80`03698090 00000022`79b7fa90 00000000`00000000 fffffa80`036d5c10 : nt!AlpcpReceiveLegacyMessage+0x11c fffff880`15029b70 fffff802`b3ef31f3 : fffffa80`03672080 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReplyWaitReceivePortEx+0xca fffff880`15029c00 fffff802`b3b02d53 : fffffa80`03672080 00000022`00000000 00000000`00000000 fffffa80`036e6210 : nt!NtReplyWaitReceivePort+0xf fffff880`15029c40 000007fe`f7ec2c9a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15029c40) 00000022`79b7f868 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtReplyWaitReceivePort+0xa THREAD fffffa800369cb00 Cid 0228.0234 Teb: 000007f6f3549000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800368c4c0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15692050 Ticks: 49078 (0:00:12:45.621) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4aa3990 Stack Init fffff8801504cdd0 Current fffff8801504c900 Base fffff8801504d000 Limit fffff88015047000 Call 0 Priority 10 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1504c940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`0372b9e0 00000022`79a8e0d0 : nt!KiSwapContext+0x76 fffff880`1504ca80 fffff802`b3b29c1f : fffff880`1504cb70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`1504cb40 fffff802`b3ec9df6 : fffffa80`0368c4c0 fffff880`00000006 00000000`00000001 00000022`7a4fc400 : nt!KeWaitForSingleObject+0x1cf fffff880`1504cbd0 fffff802`b3b02d53 : fffffa80`0369cb00 00000000`ffffffff 00000000`00000000 fffffa80`0368c4c0 : nt!NtWaitForSingleObject+0xb6 fffff880`1504cc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1504cc40) 00000022`79bff4e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa80036f4700 Cid 0228.023c Teb: 000007f6f3545000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15731618 Ticks: 9510 (0:00:02:28.356) Context Switch Count 25 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801505add0 Current fffff8801505a760 Base fffff8801505b000 Limit fffff88015055000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1505a7a0 fffff802`b3b2d99c : fffffa80`036f69d4 00000000`00000000 fffffa80`036f4700 fffff802`b3bc5258 : nt!KiSwapContext+0x76 fffff880`1505a8e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1505a9a0 fffff802`b3ed0b6c : fffffa80`036f6d40 fffffa80`036f4701 00000000`00000001 00000022`79d5fd00 : nt!KeRemoveQueueEx+0x26b fffff880`1505aa50 fffff802`b3b434d5 : fffffa80`036f6d40 00000022`79a13410 fffff880`1505ab80 00000022`79d5fb01 : nt!IoRemoveIoCompletion+0x4c fffff880`1505aae0 fffff802`b3b02d53 : 00000000`000000e4 00000022`79a13410 fffff880`00000010 00000022`79d5fd00 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1505ac40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1505ac40) 00000022`79d5fca8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001f8a080 Cid 0228.0be4 Teb: 000007f6f354d000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject IRP List: fffffa800274cc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15739847 Ticks: 1281 (0:00:00:19.983) Context Switch Count 4108 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.218 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801708bdd0 Current fffff8801708b760 Base fffff8801708c000 Limit fffff88017086000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1708b7a0 fffff802`b3b2d99c : fffff802`b3dd8460 00000000`00000000 00000000`00000000 00000000`00002d65 : nt!KiSwapContext+0x76 fffff880`1708b8e0 fffff802`b3b38ddb : 00000000`00000960 fffff802`b3e8eae7 00000000`00000000 fffff880`1708ba10 : nt!KiCommitThreadWait+0x23c fffff880`1708b9a0 fffff802`b3ed0b6c : fffffa80`0364e880 fffffa80`01f8a001 00000000`00000001 00000022`798dfd00 : nt!KeRemoveQueueEx+0x26b fffff880`1708ba50 fffff802`b3b434d5 : fffffa80`0364e880 00000022`79a4aa90 fffff880`1708bb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`1708bae0 fffff802`b3b02d53 : 00000000`000000c0 00000022`79a4aa90 00000022`00000010 00000022`798dfd00 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1708bc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1708bc40) 00000022`798dfca8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001fa3080 Cid 0228.0c94 Teb: 000007f6f3547000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject IRP List: fffffa800404d990: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 4649 IdealProcessor: 0 UserTime 00:00:00.124 KernelTime 00:00:00.124 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e68dd0 Current fffff88014e68760 Base fffff88014e69000 Limit fffff88014e63000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14e687a0 fffff802`b3b2d99c : 00000022`79cdf902 00000000`00000000 fffffa80`01fa3080 fffff880`009e6180 : nt!KiSwapContext+0x76 fffff880`14e688e0 fffff802`b3b38ddb : fffff8a0`0054b700 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`14e689a0 fffff802`b3ed0b6c : fffffa80`0364e880 fffffa80`01fa3001 00000000`00000001 00000022`79cdfb00 : nt!KeRemoveQueueEx+0x26b fffff880`14e68a50 fffff802`b3b434d5 : fffffa80`0364e880 00000022`79a137b0 fffff880`14e68b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`14e68ae0 fffff802`b3b02d53 : 00000000`000000c0 00000022`79a137b0 00000022`00000010 00000022`79cdfbe0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14e68c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e68c40) 00000022`79cdfb88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001cc6080 Cid 0228.0b64 Teb: 000007f6f341e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15739107 Ticks: 2021 (0:00:00:31.527) Context Switch Count 650 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014edfdd0 Current fffff88014edf760 Base fffff88014ee0000 Limit fffff88014eda000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14edf7a0 fffff802`b3b2d99c : 00000022`00000001 00000000`00000000 fffffa80`00000001 fffff880`009e6180 : nt!KiSwapContext+0x76 fffff880`14edf8e0 fffff802`b3b38ddb : fffff8a0`06855800 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`14edf9a0 fffff802`b3ed0b6c : fffffa80`0364e880 fffffa80`01cc6001 00000000`00000001 00000022`7a13f900 : nt!KeRemoveQueueEx+0x26b fffff880`14edfa50 fffff802`b3b434d5 : fffffa80`0364e880 00000022`7a67f500 fffff880`14edfb80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`14edfae0 fffff802`b3b02d53 : 00000000`000000c0 00000022`7a67f500 00000000`00000010 00000022`7a13f970 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14edfc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14edfc40) 00000022`7a13f918 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002d4fb00 Cid 0228.0b8c Teb: 000007f6f341c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017092dd0 Current fffff88017092760 Base fffff88017093000 Limit fffff8801708d000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`170927a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff6fc`400b7d78 fffff802`b3b4efb1 : nt!KiSwapContext+0x76 fffff880`170928e0 fffff802`b3b38ddb : fffffa80`0364e880 fffff802`b3b4c9fd 00000000`00000000 00000000`00000a45 : nt!KiCommitThreadWait+0x23c fffff880`170929a0 fffff802`b3ed0b6c : fffffa80`0364e880 fffffa80`02d4fb01 00000000`00000001 00000022`7a22f500 : nt!KeRemoveQueueEx+0x26b fffff880`17092a50 fffff802`b3b434d5 : fffffa80`0364e880 00000022`7a508a30 fffff880`17092b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`17092ae0 fffff802`b3b02d53 : 00000000`000000c0 00000022`7a508a30 00000022`00000010 00000022`7a22f5b0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17092c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17092c40) 00000022`7a22f558 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8003740540 SessionId: 0 Cid: 0288 Peb: 7f6fb59b000 ParentCid: 0220 DirBase: 30729000 ObjectTable: fffff8a0023607c0 HandleCount: Image: svchost.exe THREAD fffffa800373db00 Cid 0288.028c Teb: 000007f6fb59e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800373eb60 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680787 Ticks: 60341 (0:00:15:41.325) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f6fb7a26c0 Stack Init fffff880150a7dd0 Current fffff880150a7900 Base fffff880150a8000 Limit fffff880150a2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`150a7940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`0373c4b0 000000f7`c7e1a680 : nt!KiSwapContext+0x76 fffff880`150a7a80 fffff802`b3b29c1f : fffff880`150a7b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`150a7b40 fffff802`b3ec9df6 : fffffa80`0373eb60 fffff880`00000006 00000000`00000001 000000f7`c7e1ea00 : nt!KeWaitForSingleObject+0x1cf fffff880`150a7bd0 fffff802`b3b02d53 : fffffa80`0373db00 00000000`ffffffff 00000000`00000000 fffffa80`0373eb60 : nt!NtWaitForSingleObject+0xb6 fffff880`150a7c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150a7c40) 000000f7`c7cbf7a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa800373b8c0 Cid 0288.0290 Teb: 000007f6fb59c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003784180 SynchronizationEvent fffffa80037795d0 SynchronizationEvent fffffa8003779bc0 SynchronizationEvent fffffa8003780940 SynchronizationEvent fffffa800325fd00 SynchronizationEvent fffffa8003779750 SynchronizationEvent fffffa80037796d0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 65556 Ticks: 15675572 (2:19:55:40.490) Context Switch Count 59 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150aedd0 Current fffff880150ae180 Base fffff880150af000 Limit fffff880150a9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`150ae1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`150ae300 fffff802`b3b293cd : fffff880`150ae698 00000000`00000000 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`150ae3c0 fffff802`b3eca2ac : fffff880`00000007 fffff880`150ae540 fffffa80`037796d0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`150ae470 fffff802`b3eca723 : 00000000`00000007 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`150ae980 fffff802`b3b02d53 : fffffa80`0373b8c0 000000f7`c7e0f628 fffff880`150aebe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`150aebd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150aec40) 000000f7`c7e0f608 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800375e8c0 Cid 0288.02c4 Teb: 000007f6fb593000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003762540 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 7531 Ticks: 15733597 (2:20:10:45.686) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150fbdd0 Current fffff880150fb760 Base fffff880150fc000 Limit fffff880150f6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800375d940 Cid 0288.02cc Teb: 000007f6fb597000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037593c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 20982 Ticks: 15720146 (2:20:07:15.849) Context Switch Count 112 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150d1dd0 Current fffff880150d1760 Base fffff880150d2000 Limit fffff880150cc000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003719b00 Cid 0288.019c Teb: 000007f6fb466000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800373ea80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738529 Ticks: 2599 (0:00:00:40.544) Context Switch Count 1059 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016454dd0 Current fffff88016454760 Base fffff88016455000 Limit fffff8801644f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`164547a0 fffff802`b3b2d99c : 000000f7`c8e5f502 00000000`00000000 fffffa80`03719b00 fffff880`009e6180 : nt!KiSwapContext+0x76 fffff880`164548e0 fffff802`b3b38ddb : fffff8a0`0252e150 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`164549a0 fffff802`b3ed0b6c : fffffa80`0373ea80 fffffa80`03719b01 00000000`00000001 000000f7`c8e5f700 : nt!KeRemoveQueueEx+0x26b fffff880`16454a50 fffff802`b3b434d5 : fffffa80`0373ea80 000000f7`c7edd5a0 fffff880`16454b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`16454ae0 fffff802`b3b02d53 : 00000000`00000054 000000f7`c7edd5a0 000000f7`00000010 000000f7`c8e5f7c0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16454c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16454c40) 000000f7`c8e5f768 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80020bc940 Cid 0288.0048 Teb: 000007f6fb595000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800373ea80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738529 Ticks: 2599 (0:00:00:40.544) Context Switch Count 1060 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801644ddd0 Current fffff8801644d760 Base fffff8801644e000 Limit fffff88016448000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1644d7a0 fffff802`b3b2d99c : 000000f7`c856f602 00000000`00000000 fffffa80`020bc940 fffff880`009e6180 : nt!KiSwapContext+0x76 fffff880`1644d8e0 fffff802`b3b38ddb : fffff8a0`0252e150 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`1644d9a0 fffff802`b3ed0b6c : fffffa80`0373ea80 fffffa80`020bc901 00000000`00000001 000000f7`c856f800 : nt!KeRemoveQueueEx+0x26b fffff880`1644da50 fffff802`b3b434d5 : fffffa80`0373ea80 000000f7`c7e9b0c0 fffff880`1644db80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`1644dae0 fffff802`b3b02d53 : 00000000`00000054 000000f7`c7e9b0c0 000000f7`00000010 000000f7`c856f8d0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1644dc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1644dc40) 000000f7`c856f878 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001ec1b00 Cid 0288.0f04 Teb: 000007f6fb599000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800373ea80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740464 Ticks: 664 (0:00:00:10.358) Context Switch Count 230 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880151e2dd0 Current fffff880151e2760 Base fffff880151e3000 Limit fffff880151dd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`151e27a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`00000001 00000000`00000230 : nt!KiSwapContext+0x76 fffff880`151e28e0 fffff802`b3b38ddb : 00000000`00000328 fffff802`b3e8eae7 00000000`00000000 fffff880`151e2a10 : nt!KiCommitThreadWait+0x23c fffff880`151e29a0 fffff802`b3ed0b6c : fffffa80`0373ea80 fffffa80`01ec1b01 00000000`00000001 000000f7`c7f8f800 : nt!KeRemoveQueueEx+0x26b fffff880`151e2a50 fffff802`b3b434d5 : fffffa80`0373ea80 000000f7`c7ee95d0 fffff880`151e2b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`151e2ae0 fffff802`b3b02d53 : 00000000`00000054 000000f7`c7ee95d0 000000f7`00000010 000000f7`c7f8f890 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`151e2c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151e2c40) 000000f7`c7f8f838 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001dfc900 Cid 0288.0d40 Teb: 000007f6fb464000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003fe3c80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15735451 Ticks: 5677 (0:00:01:28.561) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017492dd0 Current fffff88017492760 Base fffff88017493000 Limit fffff8801748d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`174927a0 fffff802`b3b2d99c : 00000000`000000c2 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`174928e0 fffff802`b3b38ddb : fffffa80`03fe3c80 fffff802`b3b4c9fd 00000000`00000000 00000000`00000818 : nt!KiCommitThreadWait+0x23c fffff880`174929a0 fffff802`b3ed0b6c : fffffa80`03fe3c80 fffffa80`01dfc901 00000000`00000001 000000f7`c8f5f500 : nt!KeRemoveQueueEx+0x26b fffff880`17492a50 fffff802`b3b434d5 : fffffa80`03fe3c80 000000f7`c7ededa0 fffff880`17492b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`17492ae0 fffff802`b3b02d53 : 00000000`00000538 000000f7`c7ededa0 000000f7`00000010 000000f7`c8f5f5c0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17492c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17492c40) 000000f7`c8f5f568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002d47080 Cid 0288.0f9c Teb: 000007f6fb462000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa800388f1f0 SynchronizationEvent fffffa8003dc6060 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739363 Ticks: 1765 (0:00:00:27.534) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880174a0dd0 Current fffff880174a0180 Base fffff880174a1000 Limit fffff8801749b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`174a01c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`174a0300 fffff802`b3b293cd : fffffa80`03dc6060 00000000`00000006 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`174a03c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`174a0540 fffffa80`03dc6060 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`174a0470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`174a0980 fffff802`b3b02d53 : fffffa80`02d47080 000000f7`c8fdf768 fffff880`174a0be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`174a0bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174a0c40) 000000f7`c8fdf748 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa PROCESS fffffa8003763540 SessionId: 0 Cid: 02b0 Peb: 7f6fab93000 ParentCid: 0220 DirBase: 30d47000 ObjectTable: fffff8a0023d3940 HandleCount: Image: svchost.exe THREAD fffffa8003756080 Cid 02b0.02b4 Teb: 000007f6fab9e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80033d3300 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679237 Ticks: 61891 (0:00:16:05.505) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f6fb7a26c0 Stack Init fffff880150d8dd0 Current fffff880150d8900 Base fffff880150d9000 Limit fffff880150d3000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`150d8940 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 000000d3`4b6ca530 : nt!KiSwapContext+0x76 fffff880`150d8a80 fffff802`b3b29c1f : fffff880`150d8b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`150d8b40 fffff802`b3ec9df6 : fffffa80`033d3300 fffff880`00000006 00000000`00000001 000000d3`4bf39100 : nt!KeWaitForSingleObject+0x1cf fffff880`150d8bd0 fffff802`b3b02d53 : fffffa80`03756080 00000000`ffffffff 00000000`00000000 fffffa80`033d3300 : nt!NtWaitForSingleObject+0xb6 fffff880`150d8c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150d8c40) 000000d3`4b50f938 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa800375cb00 Cid 02b0.02d0 Teb: 000007f6fab98000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800375c060 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738870 Ticks: 2258 (0:00:00:35.225) Context Switch Count 182 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880150eddd0 Current fffff880150ed0f0 Base fffff880150ee000 Limit fffff880150e8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`150ed130 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 000000d3`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`150ed270 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00020437`00020048 : nt!KiCommitThreadWait+0x23c fffff880`150ed330 fffff802`b3b2943e : fffffa80`0375c060 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`150ed3c0 fffff802`b3eca2ac : 00000000`00000001 fffff880`150ed540 fffff880`150ed5a0 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`150ed470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`150ed980 fffff802`b3b02d53 : fffffa80`0375cb00 000000d3`4b8bf2c8 fffff880`150edbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`150edbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150edc40) 000000d3`4b8bf2a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80033d2b00 Cid 02b0.02d4 Teb: 000007f6fab96000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800376a080 QueueObject IRP List: fffffa80031cbe10: (0006,01f0) Flags: 00060030 Mdl: 00000000 fffffa8002e7d4f0: (0006,01f0) Flags: 00060030 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679451 Ticks: 61677 (0:00:16:02.167) Context Switch Count 102 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015102dd0 Current fffff88015102760 Base fffff88015103000 Limit fffff880150fd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`151027a0 fffff802`b3b2d99c : 00000000`ffff0000 00000000`00000000 fffff8a0`0667a030 fffff802`b3ee4019 : nt!KiSwapContext+0x76 fffff880`151028e0 fffff802`b3b38ddb : fffffa80`01c78e40 fffffa80`01c0c070 00000000`00000000 fffff802`b3eeb6d0 : nt!KiCommitThreadWait+0x23c fffff880`151029a0 fffff802`b3ed0b6c : fffffa80`0376a080 fffffa80`033d2b01 00000000`00000001 000000d3`4bc1fa00 : nt!KeRemoveQueueEx+0x26b fffff880`15102a50 fffff802`b3b434d5 : fffffa80`0376a080 000000d3`4b6ff750 fffff880`15102b80 00000000`a0000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15102ae0 fffff802`b3b02d53 : 00000000`00000110 000000d3`4b6ff750 fffff880`00000010 000000d3`4bc1fa80 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15102c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15102c40) 000000d3`4bc1fa28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003f5b080 Cid 02b0.0904 Teb: 000007f6faa66000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800375c300 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736696 Ticks: 4432 (0:00:01:09.139) Context Switch Count 99 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef3f85570 Stack Init fffff880170cadd0 Current fffff880170ca0f0 Base fffff880170cb000 Limit fffff880170c5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`170ca130 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 fffff880`00000001 fffff8a0`01e1d724 : nt!KiSwapContext+0x76 fffff880`170ca270 fffff802`b3b29c1f : fffff8a0`068fdd10 fffff8a0`02ffc990 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`170ca330 fffff802`b3b2943e : fffffa80`0375c300 00000000`00000006 fffff8a0`068fd801 fffff880`170caa00 : nt!KeWaitForSingleObject+0x1cf fffff880`170ca3c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`170ca540 00000000`00000000 fffff8a0`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`170ca470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffffa80`03668650 : nt!ObWaitForMultipleObjects+0x29c fffff880`170ca980 fffff802`b3b02d53 : fffffa80`03f5b080 000000d3`4c0bf9b8 fffff880`170cabe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`170cabd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170cac40) 000000d3`4c0bf998 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80021b0080 Cid 02b0.0784 Teb: 000007f6faa6a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800375c300 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728874 Ticks: 12254 (0:00:03:11.163) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef3f85570 Stack Init fffff8801723add0 Current fffff8801723a0f0 Base fffff8801723b000 Limit fffff88017235000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1723a130 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1723a270 fffff802`b3b29c1f : fffff8a0`0264bd10 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1723a330 fffff802`b3b2943e : fffffa80`0375c300 00000000`00000006 fffff8a0`0264b801 fffff880`1723aa00 : nt!KeWaitForSingleObject+0x1cf fffff880`1723a3c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`1723a540 00000000`00000000 fffff8a0`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`1723a470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffffa80`02771a70 : nt!ObWaitForMultipleObjects+0x29c fffff880`1723a980 fffff802`b3b02d53 : fffffa80`021b0080 000000d3`4be3f5e8 fffff880`1723abe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1723abd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1723ac40) 000000d3`4be3f5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003797b00 Cid 02b0.0abc Teb: 000007f6fab94000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003756d80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736683 Ticks: 4445 (0:00:01:09.342) Context Switch Count 338 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017172dd0 Current fffff88017172760 Base fffff88017173000 Limit fffff8801716d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`171727a0 fffff802`b3b2d99c : 000000d3`4bc9f702 00000000`00000000 fffffa80`03797b00 fffff880`009e6180 : nt!KiSwapContext+0x76 fffff880`171728e0 fffff802`b3b38ddb : fffff8a0`009121a0 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`171729a0 fffff802`b3ed0b6c : fffffa80`03756d80 fffffa80`03797b01 00000000`00000001 000000d3`4bc9f900 : nt!KeRemoveQueueEx+0x26b fffff880`17172a50 fffff802`b3b434d5 : fffffa80`03756d80 000000d3`4b7407f0 fffff880`17172b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`17172ae0 fffff802`b3b02d53 : 00000000`0000004c 000000d3`4b7407f0 000000d3`00000010 000000d3`4bc9f9d0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17172c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17172c40) 000000d3`4bc9f978 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001fc54c0 Cid 02b0.0db0 Teb: 000007f6faa6e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003756d80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740965 Ticks: 163 (0:00:00:02.542) Context Switch Count 892 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174dddd0 Current fffff880174dd760 Base fffff880174de000 Limit fffff880174d8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`174dd7a0 fffff802`b3b2d99c : 000000d3`00000001 00000000`00000000 fffffa80`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`174dd8e0 fffff802`b3b38ddb : fffff8a0`01e4dcf0 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`174dd9a0 fffff802`b3ed0b6c : fffffa80`03756d80 fffffa80`01fc5401 00000000`00000001 000000d3`4bd1fa00 : nt!KeRemoveQueueEx+0x26b fffff880`174dda50 fffff802`b3b434d5 : fffffa80`03756d80 000000d3`4beea540 fffff880`174ddb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`174ddae0 fffff802`b3b02d53 : 00000000`0000004c 000000d3`4beea540 000000d3`00000010 000000d3`4bd1fa40 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`174ddc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174ddc40) 000000d3`4bd1f9e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003757080 Cid 02b0.0f24 Teb: 000007f6fab9a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003756d80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 103 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017456dd0 Current fffff88017456760 Base fffff88017457000 Limit fffff88017451000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`174567a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`03fc9c00 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`174568e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000002 : nt!KiCommitThreadWait+0x23c fffff880`174569a0 fffff802`b3ed0b6c : fffffa80`03756d80 fffffa80`03757001 00000000`00000001 000000d3`4b83f800 : nt!KeRemoveQueueEx+0x26b fffff880`17456a50 fffff802`b3b434d5 : fffffa80`03756d80 000000d3`4b6ce800 fffff880`17456b80 00000000`00000001 : nt!IoRemoveIoCompletion+0x4c fffff880`17456ae0 fffff802`b3b02d53 : 00000000`0000004c 000000d3`4b6ce800 000000d3`00000010 000000d3`4b83f840 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17456c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17456c40) 000000d3`4b83f7e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa800379c940 SessionId: 0 Cid: 02f0 Peb: 7f6faabb000 ParentCid: 0220 DirBase: 31659000 ObjectTable: fffff8a00248d1c0 HandleCount: Image: svchost.exe THREAD fffffa800379a700 Cid 02f0.02f4 Teb: 000007f6faabe000 Win32Thread: fffff901000bb010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003795770 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 125 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f6fb7a26c0 Stack Init fffff88015117dd0 Current fffff88015117900 Base fffff88015118000 Limit fffff88015112000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15117940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`0379a390 00000040`33bb9490 : nt!KiSwapContext+0x76 fffff880`15117a80 fffff802`b3b29c1f : fffff880`15117b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`15117b40 fffff802`b3ec9df6 : fffffa80`03795770 fffff880`00000006 00000000`00000001 00000040`35913f00 : nt!KeWaitForSingleObject+0x1cf fffff880`15117bd0 fffff802`b3b02d53 : fffffa80`0379a700 00000000`ffffffff 00000000`00000000 fffffa80`03795770 : nt!NtWaitForSingleObject+0xb6 fffff880`15117c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15117c40) 00000040`33b3f848 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa80037b2b00 Cid 02f0.0308 Teb: 000007f6faab5000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800379b750 SynchronizationEvent fffffa80037b2680 SynchronizationEvent fffffa800376f1b0 SynchronizationEvent fffffa800379b4b0 SynchronizationTimer fffffa800379b850 SynchronizationTimer fffffa80037b2600 SynchronizationEvent fffffa800379b7d0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679108 Ticks: 62020 (0:00:16:07.518) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef3b0bf50 Stack Init fffff8801514fdd0 Current fffff8801514f180 Base fffff88015150000 Limit fffff8801514a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1514f1c0 fffff802`b3b2d99c : fffffa80`03b6ec20 00000000`00000000 00000002`03bce900 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`1514f300 fffff802`b3b293cd : fffff880`0153b010 fffff880`1514f5b0 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`1514f3c0 fffff802`b3eca2ac : fffffa80`00000007 fffff880`1514f540 fffffa80`0379b7d0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1514f470 fffff802`b3eca723 : 00000000`00000007 00000000`00000001 00000000`00000000 fffff880`015172e9 : nt!ObWaitForMultipleObjects+0x29c fffff880`1514f980 fffff802`b3b02d53 : fffffa80`037b2b00 00000040`3474f898 fffff880`1514fbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1514fbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1514fc40) 00000040`3474f878 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80038cc080 Cid 02f0.02c0 Teb: 000007f6faab7000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80038d49c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15719569 Ticks: 21559 (0:00:05:36.322) Context Switch Count 309 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef0fa1330 Stack Init fffff880154d3dd0 Current fffff880154d37a0 Base fffff880154d4000 Limit fffff880154ce000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`154d37e0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`00000001 fffffa80`01821040 : nt!KiSwapContext+0x76 fffff880`154d3920 fffff802`b3b38ddb : 00000040`34e6fc90 00000000`00000040 00000000`00000000 fffff802`b3aaba03 : nt!KiCommitThreadWait+0x23c fffff880`154d39e0 fffff802`b3ed0b6c : fffffa80`038d49c0 00000000`00000001 00000040`34e6fd00 fffff880`154d3b00 : nt!KeRemoveQueueEx+0x26b fffff880`154d3a90 fffff802`b3eafcb5 : fffffa80`038d49c0 fffff880`154d3b88 fffff880`154d3b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`154d3b20 fffff802`b3b02d53 : fffffa80`038cc080 00000040`34e6fc88 fffff880`154d3be8 fffff6fb`7da0ffd8 : nt!NtRemoveIoCompletion+0x135 fffff880`154d3bd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154d3c40) 00000040`34e6fc68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa80038af8c0 Cid 02f0.02dc Teb: 000007f6fa986000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038ac380 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679441 Ticks: 61687 (0:00:16:02.323) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015504dd0 Current fffff88015504760 Base fffff88015505000 Limit fffff880154ff000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`155047a0 fffff802`b3b2d99c : fffffa80`00000139 00000000`00000000 00000000`00000001 fffff8a0`00027010 : nt!KiSwapContext+0x76 fffff880`155048e0 fffff802`b3b38ddb : fffff8a0`06a36aa0 fffff880`15504cc0 00000000`00000000 fffff802`b3ec9d35 : nt!KiCommitThreadWait+0x23c fffff880`155049a0 fffff802`b3ed0b6c : fffffa80`038ac380 fffffa80`038af801 00000000`00000001 00000040`34eef900 : nt!KeRemoveQueueEx+0x26b fffff880`15504a50 fffff802`b3b434d5 : fffffa80`038ac380 00000040`34c6d120 fffff880`15504b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15504ae0 fffff802`b3b02d53 : 00000000`000002f0 00000040`34c6d120 fffff880`00000010 00000040`34eef990 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15504c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15504c40) 00000040`34eef938 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003934a80 Cid 02f0.038c Teb: 000007f6fa980000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039243e0 NotificationEvent fffffa8003912880 SynchronizationEvent fffffa8003946ae0 NotificationEvent fffffa8003939d80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 86 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015519dd0 Current fffff88015519180 Base fffff8801551a000 Limit fffff88015514000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`155191c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15519300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`155193c0 fffff802`b3eca2ac : fffffa80`00000004 fffff880`15519540 fffffa80`03939d80 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15519470 fffff802`b3eca723 : 00000000`00000004 00000000`00000001 fffff880`155199b0 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`15519980 fffff802`b3b02d53 : fffffa80`03934a80 00000040`3506f878 fffff880`15519be8 00000040`3506f8a0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15519bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15519c40) 00000040`3506f858 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003937100 Cid 02f0.03d0 Teb: 000007f6fa97c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80039243e0 NotificationEvent fffffa8003937b80 SynchronizationEvent fffffa80032b4ac0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15734019 Ticks: 7109 (0:00:01:50.901) Context Switch Count 131 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef07fc110 Stack Init fffff88015557dd0 Current fffff88015557180 Base fffff88015558000 Limit fffff88015552000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`155571c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15557300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`155573c0 fffff802`b3eca2ac : 00000000`00000003 fffff880`15557540 fffffa80`032b4ac0 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15557470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`15557980 fffff802`b3b02d53 : fffffa80`03937100 00000040`3516f8b8 fffff880`15557be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15557bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15557c40) 00000040`3516f898 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80039576c0 Cid 02f0.0194 Teb: 000007f6fa97a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa800393e750 NotificationEvent fffffa80039574a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11103 Ticks: 15730025 (2:20:09:49.962) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef0ad97dc Stack Init fffff880154b0dd0 Current fffff880154b0180 Base fffff880154b1000 Limit fffff880154ab000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800397f080 Cid 02f0.0404 Teb: 000007f6fa978000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa800392fa80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 188 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlanapi!NotificationApcThreadProc (0x000007fef03bba00) Stack Init fffff8801559ddd0 Current fffff8801559d900 Base fffff8801559e000 Limit fffff88015598000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1559d940 fffff802`b3b2d99c : ffff7cad`45c7a3da 00000000`00000000 fffff880`1559dcc0 fffff802`b3ae988f : nt!KiSwapContext+0x76 fffff880`1559da80 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1559db40 fffff802`b3ec9df6 : fffffa80`0392fa80 fffff880`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1559dbd0 fffff802`b3b02d53 : fffffa80`0397f080 00000000`ffffffff 00000000`00000000 fffffa80`0392fa80 : nt!NtWaitForSingleObject+0xb6 fffff880`1559dc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1559dc40) 00000040`3526f978 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa800397f700 Cid 02f0.0408 Teb: 000007f6fa976000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003938f90 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9576 Ticks: 15731552 (2:20:10:13.784) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef07dc138 Stack Init fffff88015596dd0 Current fffff88015596900 Base fffff88015597000 Limit fffff88015591000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f84b00 Cid 02f0.07c8 Teb: 000007f6fa968000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003d83b50 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13655 Ticks: 15727473 (2:20:09:10.151) Context Switch Count 42 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880160cadd0 Current fffff880160ca900 Base fffff880160cb000 Limit fffff880160c5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800279d800 Cid 02f0.0b80 Teb: 000007f6fa96e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002778930 NotificationEvent fffffa8003ee48f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681386 Ticks: 59742 (0:00:15:31.981) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88015110dd0 Current fffff88015110180 Base fffff88015111000 Limit fffff8801510b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`151101c0 fffff802`b3b2d99c : fffff8a0`00000000 00000000`00000000 fffff8a0`00000001 fffff8a0`06519800 : nt!KiSwapContext+0x76 fffff880`15110300 fffff802`b3b293cd : 00000000`00000000 fffff880`15110660 00000000`00000000 00000000`00000700 : nt!KiCommitThreadWait+0x23c fffff880`151103c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15110540 fffffa80`03ee48f0 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15110470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`15110980 fffff802`b3b02d53 : fffffa80`0279d800 00000040`354ef7f8 fffff880`15110be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15110bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15110c40) 00000040`354ef7d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80037fa080 Cid 02f0.09ec Teb: 000007f6fa98c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002da9c70 SynchronizationEvent fffffa80036d3c70 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737922 Ticks: 3206 (0:00:00:50.013) Context Switch Count 364 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.031 Win32 Start Address 0x000007fef3b1d5ac Stack Init fffff88015195dd0 Current fffff88015195180 Base fffff88015196000 Limit fffff88015190000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`151951c0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15195300 fffff802`b3b293cd : fffffa80`00000000 00000000`00000000 00000000`00000000 fffff802`b3b370de : nt!KiCommitThreadWait+0x23c fffff880`151953c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15195540 fffffa80`036d3c70 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15195470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`15195980 fffff802`b3b02d53 : fffffa80`037fa080 00000040`3499fb58 fffff880`15195be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15195bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15195c40) 00000040`3499fb38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003988700 Cid 02f0.0738 Teb: 000007f6fa98a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80026241c0 SynchronizationEvent fffffa80018f7460 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727283 Ticks: 13845 (0:00:03:35.983) Context Switch Count 36 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef3b1d5ac Stack Init fffff880151a3dd0 Current fffff880151a3180 Base fffff880151a4000 Limit fffff8801519e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`151a31c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`000033d9 : nt!KiSwapContext+0x76 fffff880`151a3300 fffff802`b3b293cd : 0000000f`ffffffff fffffa80`001ba4a0 00000000`00000000 fffffa80`00c42c30 : nt!KiCommitThreadWait+0x23c fffff880`151a33c0 fffff802`b3eca2ac : fffff8a0`00000002 fffff880`151a3540 fffffa80`018f7460 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`151a3470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`0151a140 : nt!ObWaitForMultipleObjects+0x29c fffff880`151a3980 fffff802`b3b02d53 : fffffa80`03988700 00000040`34a1f4d8 fffff880`151a3be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`151a3bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151a3c40) 00000040`34a1f4b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003f11080 Cid 02f0.0724 Teb: 000007f6fa98e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e05590 SynchronizationEvent fffffa8003dda840 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739381 Ticks: 1747 (0:00:00:27.253) Context Switch Count 96 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef3b1d5ac Stack Init fffff88015172dd0 Current fffff88015172180 Base fffff88015173000 Limit fffff8801516d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`151721c0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15172300 fffff802`b3b293cd : fffffa80`00000000 00000000`00000000 00000000`00000000 fffff802`b3b370de : nt!KiCommitThreadWait+0x23c fffff880`151723c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`15172540 fffffa80`03dda840 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15172470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff8a0`01d45938 : nt!ObWaitForMultipleObjects+0x29c fffff880`15172980 fffff802`b3b02d53 : fffffa80`03f11080 00000040`3491f4a8 fffff880`15172be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15172bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15172c40) 00000040`3491f488 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80039da080 Cid 02f0.09cc Teb: 000007f6fa96c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800339a7f0 SynchronizationEvent fffffa80030abac0 SynchronizationTimer fffffa80040b2f50 SynchronizationEvent fffffa800362da30 SynchronizationEvent fffffa8003e2d320 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679442 Ticks: 61686 (0:00:16:02.307) Context Switch Count 257 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feecb6d438 Stack Init fffff88016470dd0 Current fffff88016470180 Base fffff88016471000 Limit fffff8801646b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`164701c0 fffff802`b3b2d99c : fffff8a0`00000001 00000000`00000000 fffff8a0`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`16470300 fffff802`b3b293cd : 00000000`00000000 fffff880`16470660 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`164703c0 fffff802`b3eca2ac : fffff8a0`00000005 fffff880`16470540 fffffa80`03e2d320 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16470470 fffff802`b3eca723 : 00000000`00000005 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`16470980 fffff802`b3b02d53 : fffffa80`039da080 00000040`3556fa28 fffff880`16470be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16470bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16470c40) 00000040`3556fa08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003be9740 Cid 02f0.07f8 Teb: 000007f6fa96a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003e2b900 NotificationEvent fffffa8003f1c4d0 SynchronizationEvent fffffa80038f4cc0 SynchronizationEvent fffffa800265a460 SynchronizationEvent fffffa8003f336c0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733531 Ticks: 7597 (0:00:01:58.513) Context Switch Count 121 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007feecb64140 Stack Init fffff88014fb1dd0 Current fffff88014fb1180 Base fffff88014fb2000 Limit fffff88014fac000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14fb11c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14fb1300 fffff802`b3b293cd : fffff880`14fb1698 00000000`00000000 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`14fb13c0 fffff802`b3eca2ac : fffff880`00000005 fffff880`14fb1540 fffffa80`03f336c0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14fb1470 fffff802`b3eca723 : 00000000`00000005 00000000`00000001 00000000`00000000 fffffa80`03be9740 : nt!ObWaitForMultipleObjects+0x29c fffff880`14fb1980 fffff802`b3b02d53 : fffffa80`03be9740 00000040`355ef568 fffff880`14fb1be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14fb1bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14fb1c40) 00000040`355ef548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80038cdb00 Cid 02f0.0d94 Teb: 000007f6fa95e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject IRP List: fffffa8001ff9a60: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738520 Ticks: 2608 (0:00:00:40.685) Context Switch Count 2627 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016493dd0 Current fffff88016493760 Base fffff88016494000 Limit fffff8801648e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`164937a0 fffff802`b3b2d99c : fffff880`16493cc0 00000000`00000000 fffffa80`038cdb00 fffff880`009e6180 : nt!KiSwapContext+0x76 fffff880`164938e0 fffff802`b3b38ddb : fffff8a0`0252e150 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`164939a0 fffff802`b3ed0b6c : fffffa80`037903c0 fffffa80`038cdb01 00000000`00000001 00000040`36c2fa00 : nt!KeRemoveQueueEx+0x26b fffff880`16493a50 fffff802`b3b434d5 : fffffa80`037903c0 00000040`34cd5610 fffff880`16493b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`16493ae0 fffff802`b3b02d53 : 00000000`0000009c 00000040`34cd5610 00000040`00000010 00000040`36c2fa10 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16493c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16493c40) 00000040`36c2f9b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001c63080 Cid 02f0.0374 Teb: 000007f6fa97e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393e2a0 SynchronizationEvent fffffa800393dd00 SynchronizationEvent IRP List: fffffa8002e95b50: (0006,0118) Flags: 00060000 Mdl: fffffa8002770f40 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679156 Ticks: 61972 (0:00:16:06.769) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015542dd0 Current fffff88015542180 Base fffff88015543000 Limit fffff8801553d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`155421c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15542300 fffff802`b3b293cd : fffff880`155426e0 fffff802`b3b772af 00000000`00000000 00000000`00000080 : nt!KiCommitThreadWait+0x23c fffff880`155423c0 fffff802`b3eca2ac : fffffa80`00000002 fffff880`15542540 fffffa80`0393dd00 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15542470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`037320ab : nt!ObWaitForMultipleObjects+0x29c fffff880`15542980 fffff802`b3b02d53 : fffffa80`01c63080 00000040`350efa68 fffff880`15542be8 00000000`00000001 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15542bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15542c40) 00000040`350efa48 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800393cb00 Cid 02f0.0c64 Teb: 000007f6fa988000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393dc80 SynchronizationEvent fffffa800393dc00 SynchronizationEvent IRP List: fffffa8001e94790: (0006,0118) Flags: 00060000 Mdl: fffffa8001805f40 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679156 Ticks: 61972 (0:00:16:06.769) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef0bc1544 Stack Init fffff88015463dd0 Current fffff88015463180 Base fffff88015464000 Limit fffff8801545e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`154631c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 00000000`0000000c : nt!KiSwapContext+0x76 fffff880`15463300 fffff802`b3b293cd : fffff880`154635c0 00000000`00000000 00000000`00000000 fffff8a0`02492060 : nt!KiCommitThreadWait+0x23c fffff880`154633c0 fffff802`b3eca2ac : fffffa80`00000002 fffff880`15463540 fffffa80`0393dc00 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15463470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`037320ab : nt!ObWaitForMultipleObjects+0x29c fffff880`15463980 fffff802`b3b02d53 : fffffa80`0393cb00 00000040`34abf8e8 fffff880`15463be8 00000000`00000001 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15463bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15463c40) 00000040`34abf8c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003f00840 Cid 02f0.0954 Teb: 000007f6fa972000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80019f46e0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680337 Ticks: 60791 (0:00:15:48.345) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feec2654c0 Stack Init fffff880170d1dd0 Current fffff880170d1900 Base fffff880170d2000 Limit fffff880170cc000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`170d1940 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 00000040`35a14570 : nt!KiSwapContext+0x76 fffff880`170d1a80 fffff802`b3b29c1f : d40016ff`ac87fffb 0000000c`001f0003 00000000`00000000 000007fe`ec27c168 : nt!KiCommitThreadWait+0x23c fffff880`170d1b40 fffff802`b3ec9df6 : fffffa80`019f46e0 fffff880`00000006 00000000`00000001 fffff802`b3ed0e00 : nt!KeWaitForSingleObject+0x1cf fffff880`170d1bd0 fffff802`b3b02d53 : fffffa80`03f00840 00000000`ffffffff 00000000`00000000 fffffa80`019f46e0 : nt!NtWaitForSingleObject+0xb6 fffff880`170d1c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170d1c40) 00000040`34f6fc78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8002198080 Cid 02f0.0830 Teb: 000007f6faab9000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738520 Ticks: 2608 (0:00:00:40.685) Context Switch Count 281 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150b5dd0 Current fffff880150b5760 Base fffff880150b6000 Limit fffff880150b0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`150b57a0 fffff802`b3b2d99c : fffff880`150b5cc0 00000000`00000000 fffffa80`02198080 fffff880`009e6180 : nt!KiSwapContext+0x76 fffff880`150b58e0 fffff802`b3b38ddb : fffff8a0`0252e150 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`150b59a0 fffff802`b3ed0b6c : fffffa80`037903c0 fffffa80`02198001 00000000`00000001 00000040`3426fb00 : nt!KeRemoveQueueEx+0x26b fffff880`150b5a50 fffff802`b3b434d5 : fffffa80`037903c0 00000040`35f18160 fffff880`150b5b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`150b5ae0 fffff802`b3b02d53 : 00000000`0000009c 00000040`35f18160 00000040`00000010 00000040`3426fba0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`150b5c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150b5c40) 00000040`3426fb48 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002d4c700 Cid 02f0.02e8 Teb: 000007f6faabc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740464 Ticks: 664 (0:00:00:10.358) Context Switch Count 127 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017476dd0 Current fffff88017476760 Base fffff88017477000 Limit fffff88017471000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`174767a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000230 : nt!KiSwapContext+0x76 fffff880`174768e0 fffff802`b3b38ddb : 00000000`00000c74 fffff802`b3e8eae7 00000000`00000000 fffff880`17476a10 : nt!KiCommitThreadWait+0x23c fffff880`174769a0 fffff802`b3ed0b6c : fffffa80`037903c0 fffffa80`02d4c701 00000000`00000001 00000040`341efa00 : nt!KeRemoveQueueEx+0x26b fffff880`17476a50 fffff802`b3b434d5 : fffffa80`037903c0 00000040`35f18500 fffff880`17476b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`17476ae0 fffff802`b3b02d53 : 00000000`0000009c 00000040`35f18500 fffff880`00000010 00000040`341efa30 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17476c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17476c40) 00000040`341ef9d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002e5c080 Cid 02f0.0cf4 Teb: 000007f6fa982000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 102 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162c4dd0 Current fffff880162c4760 Base fffff880162c5000 Limit fffff880162bf000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`162c47a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`162c48e0 fffff802`b3b38ddb : fffff802`b3d0d000 00000000`00000000 00000000`00000000 fffff802`b3b3cafa : nt!KiCommitThreadWait+0x23c fffff880`162c49a0 fffff802`b3ed0b6c : fffffa80`037903c0 fffffa80`02e5c001 00000000`00000001 00000040`353ef500 : nt!KeRemoveQueueEx+0x26b fffff880`162c4a50 fffff802`b3b434d5 : fffffa80`037903c0 00000040`35f19720 fffff880`162c4b80 fffff802`00000001 : nt!IoRemoveIoCompletion+0x4c fffff880`162c4ae0 fffff802`b3b02d53 : 00000000`0000009c 00000040`35f19720 fffff880`00000010 00000040`353ef540 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`162c4c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162c4c40) 00000040`353ef4e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003ed49c0 Cid 02f0.0974 Teb: 000007f6fa970000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002cbe6c0 NotificationEvent fffffa8001eb5e80 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738061 Ticks: 3067 (0:00:00:47.845) Context Switch Count 125 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007fef07f26cc Stack Init fffff880165bbdd0 Current fffff880165bb180 Base fffff880165bc000 Limit fffff880165b6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`165bb1c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`165bb300 fffff802`b3b293cd : fffffa80`01f07400 fffffa80`02cbe6c0 00000000`00000000 fffff802`b3bc5258 : nt!KiCommitThreadWait+0x23c fffff880`165bb3c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`165bb540 fffffa80`01eb5e80 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`165bb470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`165bb9b0 00000000`00000003 : nt!ObWaitForMultipleObjects+0x29c fffff880`165bb980 fffff802`b3b02d53 : fffffa80`03ed49c0 00000040`35c6ec78 fffff880`165bbbe8 00000040`35c6eca0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`165bbbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165bbc40) 00000040`35c6ec58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80020eb080 Cid 02f0.0134 Teb: 000007f6fa966000 Win32Thread: 0000000000000000 WAIT: (WrAlertByThreadId) UserMode Non-Alertable 0000004034dad9c0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737866 Ticks: 3262 (0:00:00:50.887) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef07f1044 Stack Init fffff8801714fdd0 Current fffff8801714f970 Base fffff88017150000 Limit fffff8801714a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1714f9b0 fffff802`b3b2d99c : fffff8a0`00000001 00000000`00000000 00000000`00000000 00000000`656b6f54 : nt!KiSwapContext+0x76 fffff880`1714faf0 fffff802`b3adf817 : 00000000`ffffffff fffff802`b3ec380b 00000000`00000000 000007fe`f3e533b8 : nt!KiCommitThreadWait+0x23c fffff880`1714fbb0 fffff802`b3ea4e5e : fffffa80`020eb080 00000000`00000000 00000040`34dad9c0 00000000`00000000 : nt!KeWaitForAlertByThreadId+0x13b fffff880`1714fc10 fffff802`b3b02d53 : fffffa80`020eb080 fffff880`1714fc50 ffffffff`dc3cba00 fffffa80`0379c5e0 : nt!NtWaitForAlertByThreadId+0x2a fffff880`1714fc40 000007fe`f7ec466b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1714fc40) 00000040`35cef7c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForAlertByThreadId+0xa PROCESS fffffa80037ae940 SessionId: 0 Cid: 0314 Peb: 7f6fa949000 ParentCid: 0220 DirBase: 319e5000 ObjectTable: fffff8a0024fcf00 HandleCount: Image: svchost.exe THREAD fffffa80037a59c0 Cid 0314.0318 Teb: 000007f6fa94e000 Win32Thread: fffff90100655b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037c57b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720336 Ticks: 20792 (0:00:05:24.357) Context Switch Count 758 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address 0x000007f6fb7a26c0 Stack Init fffff88015164dd0 Current fffff88015164900 Base fffff88015165000 Limit fffff8801515f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15164940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`037c2490 000000f2`73817c70 : nt!KiSwapContext+0x76 fffff880`15164a80 fffff802`b3b29c1f : fffff880`15164b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`15164b40 fffff802`b3ec9df6 : fffffa80`037c57b0 fffff880`00000006 00000000`00000001 000000f2`75662b00 : nt!KeWaitForSingleObject+0x1cf fffff880`15164bd0 fffff802`b3b02d53 : fffffa80`037a59c0 00000000`ffffffff 00000000`00000000 fffffa80`037c57b0 : nt!NtWaitForSingleObject+0xb6 fffff880`15164c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15164c40) 000000f2`7361f9f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa80037c27c0 Cid 0314.031c Teb: 000007f6fa94c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003db8490 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11923 Ticks: 15729205 (2:20:09:37.170) Context Switch Count 73 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015179dd0 Current fffff88015179900 Base fffff8801517a000 Limit fffff88015174000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80037c0a00 Cid 0314.0328 Teb: 000007f6fa945000 Win32Thread: fffff90100659b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037a9a60 NotificationEvent fffffa80037b4f50 SynchronizationEvent fffffa80037a99e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 7999 Ticks: 15733129 (2:20:10:38.385) Context Switch Count 92 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015187dd0 Current fffff88015187180 Base fffff88015188000 Limit fffff88015182000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80037cc700 Cid 0314.032c Teb: 000007f6fa943000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80037ccaa8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738889 Ticks: 2239 (0:00:00:34.928) Context Switch Count 400 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff8801518edd0 Current fffff8801518e7a0 Base fffff8801518f000 Limit fffff88015189000 Call 0 Priority 9 BasePriority 8 UnusualBoost 1 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1518e7e0 fffff802`b3b2d99c : fffff880`00000000 00000000`00000000 fffff880`00000000 000000f2`00000000 : nt!KiSwapContext+0x76 fffff880`1518e920 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000070 : nt!KiCommitThreadWait+0x23c fffff880`1518e9e0 fffff802`b3ee4c70 : fffffa80`037ccaa8 fffffa80`00000010 fffffa80`01812401 fffff802`b3ec9700 : nt!KeWaitForSingleObject+0x1cf fffff880`1518ea70 fffff802`b3ef350d : 000000f2`744af488 000000f2`744af401 00000000`00000000 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`1518eae0 fffff802`b3ef334b : fffffa80`037a9240 000000f2`744af488 00000000`00000000 fffff802`b3ece50d : nt!AlpcpReceiveLegacyMessage+0x11c fffff880`1518eb70 fffff802`b3ef31f3 : fffffa80`037cc700 000000f2`738175e0 00000000`00000000 00000000`00000001 : nt!NtReplyWaitReceivePortEx+0xca fffff880`1518ec00 fffff802`b3b02d53 : fffffa80`037cc700 fffffa80`037cc700 fffff880`1518ecc0 00000000`00000001 : nt!NtReplyWaitReceivePort+0xf fffff880`1518ec40 000007fe`f7ec2c9a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1518ec40) 000000f2`744af448 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtReplyWaitReceivePort+0xa THREAD fffffa80037f1b00 Cid 0314.0348 Teb: 000007f6fa81e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800319fb60 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739118 Ticks: 2010 (0:00:00:31.356) Context Switch Count 63 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880151aadd0 Current fffff880151aa0f0 Base fffff880151ab000 Limit fffff880151a5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`151aa130 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`151aa270 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`151aa330 fffff802`b3b2943e : fffffa80`0319fb60 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`151aa3c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`151aa540 fffffa80`0319fb60 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`151aa470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`151aa980 fffff802`b3b02d53 : fffffa80`037f1b00 000000f2`7452f538 fffff880`151aabe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`151aabd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151aac40) 000000f2`7452f518 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003975b00 Cid 0314.0260 Teb: 000007f6fa818000 Win32Thread: fffff901006d7710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003955820 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 192 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff8801558fdd0 Current fffff8801558f900 Base fffff88015590000 Limit fffff8801558a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1558f940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`00000001 fffff802`b3b2c56b : nt!KiSwapContext+0x76 fffff880`1558fa80 fffff802`b3b29c1f : 00000000`ffffffff fffff880`1558fcc0 00000000`00000000 fffff802`b3ec9d35 : nt!KiCommitThreadWait+0x23c fffff880`1558fb40 fffff802`b3ec9df6 : fffffa80`03955820 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1558fbd0 fffff802`b3b02d53 : fffffa80`03975b00 00000000`ffffffff 00000000`00000000 fffffa80`03955820 : nt!NtWaitForSingleObject+0xb6 fffff880`1558fc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1558fc40) 000000f2`7473f788 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa800398a080 Cid 0314.0418 Teb: 000007f6fa816000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002eddee0 SynchronizationEvent fffffa8003958640 SynchronizationEvent fffffa8003b60fe0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679223 Ticks: 61905 (0:00:16:05.724) Context Switch Count 643 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.093 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880154ccdd0 Current fffff880154cc180 Base fffff880154cd000 Limit fffff880154c7000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`154cc1c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`154cc300 fffff802`b3b293cd : fffff880`154cc698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`154cc3c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`154cc540 fffffa80`03b60fe0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`154cc470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 fffff880`154cc9b0 fffff802`b3ef63ca : nt!ObWaitForMultipleObjects+0x29c fffff880`154cc980 fffff802`b3b02d53 : fffffa80`0398a080 000000f2`747bf2f8 fffff880`154ccbe8 000000f2`747bf320 : nt!NtWaitForMultipleObjects+0xe3 fffff880`154ccbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154ccc40) 000000f2`747bf2d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80039f7080 Cid 0314.0480 Teb: 000007f6fa804000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b0b740 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740821 Ticks: 307 (0:00:00:04.789) Context Switch Count 65 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e5add0 Current fffff88014e5a760 Base fffff88014e5b000 Limit fffff88014e55000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14e5a7a0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff6fb`00000000 fffff6fb`7da01e48 : nt!KiSwapContext+0x76 fffff880`14e5a8e0 fffff802`b3b38ddb : 00000000`00000004 fffffa80`037aee28 00000000`00000000 0f276d82`0f276d82 : nt!KiCommitThreadWait+0x23c fffff880`14e5a9a0 fffff802`b3ed0b6c : fffffa80`03b0b740 fffffa80`039f7001 00000000`00000001 000000f2`74e2f600 : nt!KeRemoveQueueEx+0x26b fffff880`14e5aa50 fffff802`b3b434d5 : fffffa80`03b0b740 000000f2`73818210 fffff880`14e5ab80 fffff802`b3b74a30 : nt!IoRemoveIoCompletion+0x4c fffff880`14e5aae0 fffff802`b3b02d53 : 00000000`0000045c 000000f2`73818210 000000f2`00000010 000000f2`74e2f680 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14e5ac40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e5ac40) 000000f2`74e2f628 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80039fbb00 Cid 0314.0484 Teb: 000007f6fa802000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b39ba0 SynchronizationEvent fffffa8003b3bfe0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679246 Ticks: 61882 (0:00:16:05.365) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef00c3788 Stack Init fffff88015588dd0 Current fffff88015588180 Base fffff88015589000 Limit fffff88015583000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`155881c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15588300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`155883c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15588540 fffffa80`03b3bfe0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15588470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`037aee01 : nt!ObWaitForMultipleObjects+0x29c fffff880`15588980 fffff802`b3b02d53 : fffffa80`039fbb00 000000f2`74eaf588 fffff880`15588be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15588bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15588c40) 000000f2`74eaf568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003b0b9c0 Cid 0314.0488 Teb: 000007f6fa800000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b58db0 SynchronizationEvent fffffa8003b38cd0 SynchronizationEvent fffffa8003b48be0 SynchronizationEvent fffffa8003b589e0 SynchronizationTimer fffffa8003b58840 SynchronizationTimer IRP List: fffffa8003b3c010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10689 Ticks: 15730439 (2:20:09:56.421) Context Switch Count 20 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef961c00 Stack Init fffff88014e0ddd0 Current fffff88014e0d180 Base fffff88014e0e000 Limit fffff88014e08000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bad700 Cid 0314.05cc Teb: 000007f6fa814000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bbd520 NotificationEvent fffffa8003bb5ca0 SynchronizationEvent fffffa8003ba3200 SynchronizationEvent fffffa8003beda78 NotificationEvent IRP List: fffffa8003d85010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738812 Ticks: 2316 (0:00:00:36.129) Context Switch Count 88 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014f4fdd0 Current fffff88014f4f180 Base fffff88014f50000 Limit fffff88014f4a000 Call 0 Priority 10 BasePriority 10 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14f4f1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14f4f300 fffff802`b3b293cd : fffff880`14f4f698 00000000`00000000 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`14f4f3c0 fffff802`b3eca2ac : fffffa80`00000004 fffff880`14f4f540 fffffa80`03beda78 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14f4f470 fffff802`b3eca723 : 00000000`00000004 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`14f4f980 fffff802`b3b02d53 : fffffa80`03bad700 000000f2`7483f088 fffff880`14f4fbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14f4fbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f4fc40) 000000f2`7483f068 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003bbf900 Cid 0314.0620 Teb: 000007f6fa7fc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003db6c10 SynchronizationEvent fffffa80030912b0 SynchronizationEvent fffffa8003f9c920 SynchronizationEvent fffffa8003e3dd50 SynchronizationEvent fffffa8003fa2630 SynchronizationEvent fffffa8004035530 SynchronizationEvent fffffa8003f48a70 SynchronizationEvent fffffa8003fb0620 SynchronizationEvent fffffa8003dc0490 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727890 Ticks: 13238 (0:00:03:26.514) Context Switch Count 699 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014fcddd0 Current fffff88014fcd180 Base fffff88014fce000 Limit fffff88014fc8000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14fcd1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff8a0`00000000 00000000`0010019f : nt!KiSwapContext+0x76 fffff880`14fcd300 fffff802`b3b293cd : fffff880`14fcd5c0 fffff8a0`001e9d44 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`14fcd3c0 fffff802`b3eca2ac : fffffa80`00000009 fffff880`14fcd540 fffffa80`03dc0490 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14fcd470 fffff802`b3eca723 : 00000000`00000009 00000000`00000001 fffff880`14fcd9b0 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`14fcd980 fffff802`b3b02d53 : fffffa80`03bbf900 000000f2`750af3e8 fffff880`14fcdbe8 000000f2`750af410 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14fcdbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14fcdc40) 000000f2`750af3c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003bd4080 Cid 0314.06a8 Teb: 000007f6fa7f8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003daa960 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11923 Ticks: 15729205 (2:20:09:37.170) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feedfa1824 Stack Init fffff88015e99dd0 Current fffff88015e99900 Base fffff88015e9a000 Limit fffff88015e94000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bcf700 Cid 0314.06ac Teb: 000007f6fa7f6000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dcaf80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679964 Ticks: 61164 (0:00:15:54.164) Context Switch Count 163 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155dcdd0 Current fffff880155dc760 Base fffff880155dd000 Limit fffff880155d7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`155dc7a0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffffa80`00000000 fffff880`155dc901 : nt!KiSwapContext+0x76 fffff880`155dc8e0 fffff802`b3b38ddb : fffffa80`02ed8060 00000000`00000000 00000000`00000000 fffffa80`02ed8060 : nt!KiCommitThreadWait+0x23c fffff880`155dc9a0 fffff802`b3ed0b6c : fffffa80`03dcaf80 fffffa80`03bcf701 00000000`00000001 000000f2`752efa00 : nt!KeRemoveQueueEx+0x26b fffff880`155dca50 fffff802`b3b434d5 : fffffa80`03dcaf80 000000f2`738185b0 fffff880`155dcb80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`155dcae0 fffff802`b3b02d53 : 00000000`000006a0 000000f2`738185b0 fffffa80`00000010 000000f2`752efa20 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`155dcc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155dcc40) 000000f2`752ef9c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003bd8700 Cid 0314.06b4 Teb: 000007f6fa7f2000 Win32Thread: fffff90100671290 WAIT: (WrQueue) UserMode Alertable fffffa8003dcaf80 QueueObject IRP List: fffffa800413a9f0: (0006,01f0) Flags: 00060000 Mdl: fffffa8002620e70 fffffa8002c48a10: (0006,01f0) Flags: 00060000 Mdl: fffffa800274a290 fffffa8002c4e240: (0006,01f0) Flags: 00060000 Mdl: fffffa800189fc30 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 1340 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ea7dd0 Current fffff88015ea7760 Base fffff88015ea8000 Limit fffff88015ea2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15ea77a0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffffa80`00000000 fffffa80`01ccdb50 : nt!KiSwapContext+0x76 fffff880`15ea78e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KiCommitThreadWait+0x23c fffff880`15ea79a0 fffff802`b3ed0b6c : fffffa80`03dcaf80 fffffa80`03bd8701 00000000`00000001 000000f2`754afa00 : nt!KeRemoveQueueEx+0x26b fffff880`15ea7a50 fffff802`b3b434d5 : fffffa80`03dcaf80 000000f2`73818950 fffff880`15ea7b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15ea7ae0 fffff802`b3b02d53 : 00000000`000006a0 000000f2`73818950 fffffa80`00000010 000000f2`754afa50 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15ea7c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15ea7c40) 000000f2`754af9f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003bd4b00 Cid 0314.06b8 Teb: 000007f6fa7f0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b741b0 SynchronizationEvent fffffa8003db11b0 SynchronizationEvent fffffa8003e0e9c0 SynchronizationEvent fffffa8003dba320 SynchronizationEvent fffffa8003dba1d0 SynchronizationEvent fffffa8003e685b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15693330 Ticks: 47798 (0:00:12:25.653) Context Switch Count 1428 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address 0x000007feee8c0e68 Stack Init fffff88015eaedd0 Current fffff88015eae180 Base fffff88015eaf000 Limit fffff88015ea9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15eae1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15eae300 fffff802`b3b293cd : fffff880`15eae698 00000000`00000000 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`15eae3c0 fffff802`b3eca2ac : fffff880`00000006 fffff880`15eae540 fffffa80`03e685b0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15eae470 fffff802`b3eca723 : 00000000`00000006 00000000`00000001 00000000`00000000 00000000`00000002 : nt!ObWaitForMultipleObjects+0x29c fffff880`15eae980 fffff802`b3b02d53 : fffffa80`03bd4b00 000000f2`7552f7b8 fffff880`15eaebe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15eaebd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15eaec40) 000000f2`7552f798 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003e55940 Cid 0314.06dc Teb: 000007f6fa7ea000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ddce60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12499 Ticks: 15728629 (2:20:09:28.184) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address (0x000007fef4113c90) Stack Init fffff88003dd8dd0 Current fffff88003dd8900 Base fffff88003dd9000 Limit fffff88003dd3000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea0b00 Cid 0314.07a8 Teb: 000007f6fa7e0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003f24aa0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12917 Ticks: 15728211 (2:20:09:21.664) Context Switch Count 24 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ffedd0 Current fffff88015ffe900 Base fffff88015fff000 Limit fffff88015ff9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003df8080 Cid 0314.05c8 Teb: 000007f6fa7c6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003f93530 Semaphore Limit 0x7fffffff fffffa8003f76d40 NotificationEvent fffffa80039cc2f0 NotificationEvent IRP List: fffffa8002cf3e10: (0006,01f0) Flags: 00060070 Mdl: 00000000 fffffa80033c7660: (0006,01f0) Flags: 00060030 Mdl: fffffa80021ac780 fffffa80033f2610: (0006,01f0) Flags: 00060070 Mdl: 00000000 fffffa80020fccd0: (0006,01f0) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727019 Ticks: 14109 (0:00:03:40.101) Context Switch Count 89 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88016187dd0 Current fffff88016187180 Base fffff88016188000 Limit fffff88016182000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`161871c0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`033eb610 : nt!KiSwapContext+0x76 fffff880`16187300 fffff802`b3b293cd : 00000000`00000000 fffff880`036f1000 00000000`00000000 fffffa80`040495e0 : nt!KiCommitThreadWait+0x23c fffff880`161873c0 fffff802`b3eca2ac : 00000000`00000003 fffff880`16187540 fffffa80`039cc2f0 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16187470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 fffff880`15b9939d : nt!ObWaitForMultipleObjects+0x29c fffff880`16187980 fffff802`b3b02d53 : fffffa80`03df8080 000000f2`7594f4e8 fffff880`16187be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16187bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16187c40) 000000f2`7594f4c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003fa9b00 Cid 0314.04a0 Teb: 000007f6fa7be000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003f93530 Semaphore Limit 0x7fffffff fffffa8003f76d40 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727032 Ticks: 14096 (0:00:03:39.899) Context Switch Count 24 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8801621bdd0 Current fffff8801621b180 Base fffff8801621c000 Limit fffff88016216000 Call 0 Priority 10 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1621b1c0 fffff802`b3b2d99c : fffff880`1621b4a8 00000000`00000000 fffff880`1621b6e0 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1621b300 fffff802`b3b293cd : 00000000`00000000 fffff880`1621b750 00000000`00000000 00000000`00000001 : nt!KiCommitThreadWait+0x23c fffff880`1621b3c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`1621b540 fffffa80`03f76d40 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1621b470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`1621b980 fffff802`b3b02d53 : fffffa80`03fa9b00 000000f2`76cbf438 fffff880`1621bbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1621bbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1621bc40) 000000f2`76cbf418 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003836b00 Cid 0314.0898 Teb: 000007f6fa7bc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f47c60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 14273 Ticks: 15726855 (2:20:09:00.510) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address (0x000007fef4113c90) Stack Init fffff88015429dd0 Current fffff88015429900 Base fffff8801542a000 Limit fffff88015424000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80018a5b00 Cid 0314.0a1c Teb: 000007f6fa7a4000 Win32Thread: fffff901006a9820 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003798d00 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736660 Ticks: 4468 (0:00:01:09.701) Context Switch Count 148 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff8801607ddd0 Current fffff8801607d5f0 Base fffff8801607e000 Limit fffff88016078000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1607d630 fffff802`b3b2d99c : 93de5fa4`00000001 00000000`00000000 fffffa80`00000001 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`1607d770 fffff802`b3b29c1f : 00000000`00000000 fffff8a0`027bd960 00000000`00000000 fffff802`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1607d830 fffff802`b3b2943e : fffffa80`03798d00 fffff802`0000000d fffff8a0`011f8f01 000000f2`776bef00 : nt!KeWaitForSingleObject+0x1cf fffff880`1607d8c0 fffff960`00153e07 : fffff8a0`00000001 fffff880`1607d9e0 fffffa80`018a5b00 fffffa80`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`1607d970 fffff960`00154765 : fffff880`16070000 fffff901`006a0000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`1607da40 fffff960`00152e99 : fffff880`1607dcc0 00000000`00000100 00000000`00000001 fffff802`b3d121c0 : win32k!xxxSleepThread+0xc5 fffff880`1607da90 fffff960`001545f3 : fffff880`1607dbf8 000000f2`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`1607dbb0 fffff802`b3b02d53 : fffffa80`018a5b00 000007fe`f7ca6ab0 00000000`00000020 000007fe`ebdfed88 : win32k!NtUserGetMessage+0x83 fffff880`1607dc40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1607dc40) 000000f2`776bf7d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa80037d0b00 Cid 0314.0a2c Teb: 000007f6fa7a2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80036216b0 NotificationEvent fffffa80017d6f20 NotificationEvent IRP List: fffffa80031d0c80: (0006,01f0) Flags: 00060800 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15884 Ticks: 15725244 (2:20:08:35.378) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feeaf651dc Stack Init fffff880163ebdd0 Current fffff880163eb180 Base fffff880163ec000 Limit fffff880163e6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800261ab00 Cid 0314.0a30 Teb: 000007f6fa7a0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800371d200 NotificationEvent fffffa8003fe9850 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15884 Ticks: 15725244 (2:20:08:35.378) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feed241470 Stack Init fffff8800316cdd0 Current fffff8800316c180 Base fffff8800316d000 Limit fffff88003167000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002624900 Cid 0314.0a34 Teb: 000007f6fa79e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037cac10 NotificationEvent fffffa80040559b0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15884 Ticks: 15725244 (2:20:08:35.378) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feed241470 Stack Init fffff88003173dd0 Current fffff88003173180 Base fffff88003174000 Limit fffff8800316e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003676080 Cid 0314.099c Teb: 000007f6fa812000 Win32Thread: fffff90100697950 WAIT: (UserRequest) UserMode Alertable fffffa80038ce280 SynchronizationTimer fffffa80038165f0 NotificationEvent fffffa80031e7a30 SynchronizationEvent IRP List: fffffa8003f07e10: (0006,01f0) Flags: 00060030 Mdl: 00000000 fffffa8003900d80: (0006,01f0) Flags: 00060030 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720270 Ticks: 20858 (0:00:05:25.386) Context Switch Count 5927 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.156 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88003181dd0 Current fffff88003181180 Base fffff88003182000 Limit fffff8800317c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`031811c0 fffff802`b3b2d99c : fffffa80`024ab1b0 00000000`00000000 fffffa80`041cc300 fffff802`b3cf72ba : nt!KiSwapContext+0x76 fffff880`03181300 fffff802`b3b293cd : fffffa80`024ab100 fffffa80`024a0401 00000000`00000000 fffffa80`0001ed6e : nt!KiCommitThreadWait+0x23c fffff880`031813c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`03181540 fffffa80`031e7a30 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`03181470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`03181980 fffff802`b3b02d53 : fffffa80`03676080 000000f2`74caf148 fffff880`03181be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`03181bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03181c40) 000000f2`74caf128 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001e11080 Cid 0314.0420 Teb: 000007f6fa80c000 Win32Thread: fffff901006f8710 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737701 Ticks: 3427 (0:00:00:53.461) Context Switch Count 2697 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.265 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015f72dd0 Current fffff88015f72760 Base fffff88015f73000 Limit fffff88015f6d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15f727a0 fffff802`b3b2d99c : 000000f2`00000000 00000000`00000000 fffffa80`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15f728e0 fffff802`b3b38ddb : fffff8a0`06855800 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`15f729a0 fffff802`b3ed0b6c : fffffa80`0376f380 fffffa80`01e11001 00000000`00000001 000000f2`7562f600 : nt!KeRemoveQueueEx+0x26b fffff880`15f72a50 fffff802`b3b434d5 : fffffa80`0376f380 000000f2`75630f50 fffff880`15f72b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`15f72ae0 fffff802`b3b02d53 : 00000000`0000009c 000000f2`75630f50 000000f2`00000010 000000f2`7562f660 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15f72c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f72c40) 000000f2`7562f608 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80037fab00 Cid 0314.0d10 Teb: 000007f6fa806000 Win32Thread: fffff9010066fb90 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject IRP List: fffffa8002d0f260: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741031 Ticks: 97 (0:00:00:01.513) Context Switch Count 8797 IdealProcessor: 0 UserTime 00:00:01.310 KernelTime 00:00:00.577 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150dfdd0 Current fffff880150df760 Base fffff880150e0000 Limit fffff880150da000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`150df7a0 fffff802`b3b2d99c : fffff8a0`00000001 00000000`00000000 00000000`00000000 00000000`ffff0000 : nt!KiSwapContext+0x76 fffff880`150df8e0 fffff802`b3b38ddb : fffffa80`03969e40 fffff802`b3e8eae7 00000000`00000000 fffff880`150dfa60 : nt!KiCommitThreadWait+0x23c fffff880`150df9a0 fffff802`b3ed0b6c : fffffa80`0376f380 fffffa80`037fab01 00000000`00000001 000000f2`758cf800 : nt!KeRemoveQueueEx+0x26b fffff880`150dfa50 fffff802`b3b434d5 : fffffa80`0376f380 000000f2`756312f0 fffff880`150dfb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`150dfae0 fffff802`b3b02d53 : 00000000`0000009c 000000f2`756312f0 000000f2`00000010 000000f2`758cf810 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`150dfc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150dfc40) 000000f2`758cf7b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8004048080 Cid 0314.04b8 Teb: 000007f6fa7e6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002187550 SynchronizationEvent fffffa8001f05860 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737670 Ticks: 3458 (0:00:00:53.945) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017525dd0 Current fffff88017525180 Base fffff88017526000 Limit fffff88017520000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`175251c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 fffff802`b3d0d000 : nt!KiSwapContext+0x76 fffff880`17525300 fffff802`b3b293cd : 00000000`00000000 fffff802`b3afa19e 00000000`00000000 fffff802`b3b370de : nt!KiCommitThreadWait+0x23c fffff880`175253c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`17525540 fffffa80`01f05860 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17525470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`01dff000 : nt!ObWaitForMultipleObjects+0x29c fffff880`17525980 fffff802`b3b02d53 : fffffa80`04048080 000000f2`75def5b8 fffff880`17525be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17525bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17525c40) 000000f2`75def598 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80020a4b00 Cid 0314.0bec Teb: 000007f6fa7dc000 Win32Thread: fffff901006e5710 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740262 Ticks: 866 (0:00:00:13.509) Context Switch Count 1061 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016596dd0 Current fffff88016596760 Base fffff88016597000 Limit fffff88016591000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`165967a0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000000 fffff802`b3ecdc9d : nt!KiSwapContext+0x76 fffff880`165968e0 fffff802`b3b38ddb : fffffa80`038e3e10 fffff802`b3ac211e 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`165969a0 fffff802`b3ed0b6c : fffffa80`0376f380 fffffa80`020a4b01 00000000`00000001 000000f2`761bfc00 : nt!KeRemoveQueueEx+0x26b fffff880`16596a50 fffff802`b3b434d5 : fffffa80`0376f380 000000f2`756a84c0 fffff880`16596b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`16596ae0 fffff802`b3b02d53 : 00000000`0000009c 000000f2`756a84c0 fffff880`00000010 000000f2`761bfce0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16596c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16596c40) 000000f2`761bfc88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001dcb080 Cid 0314.0ae4 Teb: 000007f6fa7ba000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038b30c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679787 Ticks: 61341 (0:00:15:56.925) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880163f9dd0 Current fffff880163f9760 Base fffff880163fa000 Limit fffff880163f4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`163f97a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000008 : nt!KiSwapContext+0x76 fffff880`163f98e0 fffff802`b3b38ddb : fffffa80`038b30c0 fffff802`b3b4c9fd 00000000`00000000 00000000`00000532 : nt!KiCommitThreadWait+0x23c fffff880`163f99a0 fffff802`b3ed0b6c : fffffa80`038b30c0 fffffa80`01dcb001 00000000`00000001 000000f2`763bfa00 : nt!KeRemoveQueueEx+0x26b fffff880`163f9a50 fffff802`b3b434d5 : fffffa80`038b30c0 000000f2`756dcd50 fffff880`163f9b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`163f9ae0 fffff802`b3b02d53 : 00000000`00001678 000000f2`756dcd50 000000f2`00000010 000000f2`763bfa00 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`163f9c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`163f9c40) 000000f2`763bf9a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001cff080 Cid 0314.0298 Teb: 000007f6fa7c8000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8001cff428 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a000a23170 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680365 Ticks: 60763 (0:00:15:47.908) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feeef05c38 Stack Init fffff8801756bdd0 Current fffff8801756b660 Base fffff8801756c000 Limit fffff88017566000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1756b6a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`01cff080 fffff880`1756b8dc : nt!KiSwapContext+0x76 fffff880`1756b7e0 fffff802`b3b29c1f : fffff8a0`0250c460 fffff880`1756baa8 00000000`00000001 fffffa80`018925d0 : nt!KiCommitThreadWait+0x23c fffff880`1756b8a0 fffff802`b3af1a0a : fffffa80`01cff428 ffffffff`00000011 000000f2`00000001 00000000`02c49a01 : nt!KeWaitForSingleObject+0x1cf fffff880`1756b930 fffff802`b3ebbbd6 : 00000000`00000000 fffffa80`01cff428 fffffa80`01812d01 00000000`00000000 : nt!AlpcpSignalAndWait+0x34a fffff880`1756b9e0 fffff802`b3ebb762 : fffffa80`036d2750 000000f2`756bf330 000000f2`7643f598 fffffa80`01812d01 : nt!AlpcpReceiveSynchronousReply+0x46 fffff880`1756ba40 fffff802`b3ec19c2 : fffffa80`036d2750 000000f2`00020000 000000f2`756bf330 000000f2`767cd028 : nt!AlpcpProcessSynchronousRequest+0x350 fffff880`1756bb20 fffff802`b3b02d53 : fffffa80`01cff080 fffff880`1756bcc0 fffff880`1756bbe8 000000f2`00000000 : nt!NtAlpcSendWaitReceivePort+0x172 fffff880`1756bbd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1756bc40) 000000f2`7643f548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa8002d8c080 Cid 0314.0bbc Teb: 000007f6fa94a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003253610 SynchronizationEvent fffffa8003782a30 NotificationEvent fffffa8003f099f0 SynchronizationEvent IRP List: fffffa80018966f0: (0006,01f0) Flags: 00040030 Mdl: 00000000 fffffa8002dd4210: (0006,01f0) Flags: 00040030 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739276 Ticks: 1852 (0:00:00:28.891) Context Switch Count 286 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.046 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880171cbdd0 Current fffff880171cb180 Base fffff880171cc000 Limit fffff880171c6000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Child-SP RetAddr : Args to Child : Call Site fffff880`171cb1c0 fffff802`b3b2d99c : fffff8a0`00000001 00000000`00000000 fffff8a0`00000001 fffff8a0`00000000 : nt!KiSwapContext+0x76 fffff880`171cb300 fffff802`b3b293cd : fffff880`171cb49c fffff8a0`06a6f824 00000000`00000000 00000000`000000d0 : nt!KiCommitThreadWait+0x23c fffff880`171cb3c0 fffff802`b3eca2ac : fffffa80`00000003 fffff880`171cb540 fffffa80`03f099f0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`171cb470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 fffff880`171cb9b0 fffff8a0`01d452d0 : nt!ObWaitForMultipleObjects+0x29c fffff880`171cb980 fffff802`b3b02d53 : fffffa80`02d8c080 000000f2`739ff968 fffff880`171cbbe8 000000f2`739ff990 : nt!NtWaitForMultipleObjects+0xe3 fffff880`171cbbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171cbc40) 000000f2`739ff948 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001cd4080 Cid 0314.0ce4 Teb: 000007f6fa947000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037a8250 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15717753 Ticks: 23375 (0:00:06:04.652) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff88016110dd0 Current fffff88016110900 Base fffff88016111000 Limit fffff8801610b000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`16110940 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000000 fffff880`16110a01 : nt!KiSwapContext+0x76 fffff880`16110a80 fffff802`b3b29c1f : fffffa80`037a8220 00000000`00000000 00000000`00000000 fffff802`b3e8d256 : nt!KiCommitThreadWait+0x23c fffff880`16110b40 fffff802`b3ec9df6 : fffffa80`037a8250 fffff802`00000006 00000000`00000001 fffff802`b3e4ff00 : nt!KeWaitForSingleObject+0x1cf fffff880`16110bd0 fffff802`b3b02d53 : fffffa80`01cd4080 00000000`ffffffff 00000000`00000000 fffffa80`037a8250 : nt!NtWaitForSingleObject+0xb6 fffff880`16110c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16110c40) 000000f2`74faf728 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003e76080 Cid 0314.0c68 Teb: 000007f6fa81c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001ccea80 SynchronizationEvent fffffa8002d31cc0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15717492 Ticks: 23636 (0:00:06:08.723) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff8801546add0 Current fffff8801546a180 Base fffff8801546b000 Limit fffff88015465000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1546a1c0 fffff802`b3b2d99c : fffff880`1546a380 00000000`00000000 fffff880`1546a354 00000100`00000000 : nt!KiSwapContext+0x76 fffff880`1546a300 fffff802`b3b293cd : fffff8a0`02ffc420 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1546a3c0 fffff802`b3eca2ac : fffff8a0`00000002 fffff880`1546a540 fffffa80`02d31cc0 fffff8a0`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1546a470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff680`793b5a00 : nt!ObWaitForMultipleObjects+0x29c fffff880`1546a980 fffff802`b3b02d53 : fffffa80`03e76080 000000f2`7512f878 fffff880`1546abe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1546abd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1546ac40) 000000f2`7512f858 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800360fb00 Cid 0314.08a4 Teb: 000007f6fa81a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8001c94e40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733523 Ticks: 7605 (0:00:01:58.638) Context Switch Count 222 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address 0x000007feef04ad20 Stack Init fffff880171eedd0 Current fffff880171ee7a0 Base fffff880171ef000 Limit fffff880171e9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`171ee7e0 fffff802`b3b2d99c : fffffa80`0360fb00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`171ee920 fffff802`b3b38ddb : fffffa80`0377dc10 00000000`00000000 00000000`00000000 00000000`00000400 : nt!KiCommitThreadWait+0x23c fffff880`171ee9e0 fffff802`b3ed0b6c : fffffa80`01c94e40 00000000`00000001 000000f2`755af800 fffff880`171eeb00 : nt!KeRemoveQueueEx+0x26b fffff880`171eea90 fffff802`b3eafcb5 : fffffa80`01c94e40 fffff880`171eeb88 fffff880`171eeb80 fffffa80`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`171eeb20 fffff802`b3b02d53 : fffffa80`0360fb00 000000f2`755af738 fffff880`171eebe8 000000f2`767ffb90 : nt!NtRemoveIoCompletion+0x135 fffff880`171eebd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171eec40) 000000f2`755af718 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa8002d2ab00 Cid 0314.0adc Teb: 000007f6fa7fe000 Win32Thread: fffff901006f2010 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa8001ed4250 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739276 Ticks: 1852 (0:00:00:28.891) Context Switch Count 6051 IdealProcessor: 0 UserTime 00:00:00.296 KernelTime 00:00:02.776 Win32 Start Address 0x000007fee8da1de0 Stack Init fffff88015f80dd0 Current fffff88015f80180 Base fffff88015f81000 Limit fffff88015f7b000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Child-SP RetAddr : Args to Child : Call Site fffff880`15f801c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff8a0`00000000 fffff8a0`0249cec4 : nt!KiSwapContext+0x76 fffff880`15f80300 fffff802`b3b293cd : fffff880`15f8049c 00000000`00000000 00000000`00000000 ffff7cad`45667b5a : nt!KiCommitThreadWait+0x23c fffff880`15f803c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15f80540 fffffa80`01ed4250 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15f80470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`15f809b0 fffff880`0151a140 : nt!ObWaitForMultipleObjects+0x29c fffff880`15f80980 fffff802`b3b02d53 : fffffa80`02d2ab00 000000f2`7703f3f8 fffff880`15f80be8 000000f2`7703f420 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15f80bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f80c40) 000000f2`7703f3d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80040265c0 Cid 0314.0a44 Teb: 000007f6fa7fa000 Win32Thread: fffff901006fe5a0 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa80033fee50 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733525 Ticks: 7603 (0:00:01:58.607) Context Switch Count 5581 IdealProcessor: 0 UserTime 00:00:01.482 KernelTime 00:00:00.592 Win32 Start Address 0x000007fee8da1de0 Stack Init fffff880171a3dd0 Current fffff880171a3180 Base fffff880171a4000 Limit fffff8801719e000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`171a31c0 fffff802`b3b2d99c : fffff880`171a36e8 00000000`00000000 00000000`00000000 fffff880`171a36d0 : nt!KiSwapContext+0x76 fffff880`171a3300 fffff802`b3b293cd : 00000000`00000000 fffff802`b3ec19cc 00000000`00000000 00000000`00000102 : nt!KiCommitThreadWait+0x23c fffff880`171a33c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`171a3540 fffffa80`033fee50 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`171a3470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`171a39b0 000000f2`770bf8c0 : nt!ObWaitForMultipleObjects+0x29c fffff880`171a3980 fffff802`b3b02d53 : fffffa80`040265c0 000000f2`770bf968 fffff880`171a3be8 000000f2`770bf990 : nt!NtWaitForMultipleObjects+0xe3 fffff880`171a3bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171a3c40) 000000f2`770bf948 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003f51b00 Cid 0314.0414 Teb: 000007f6fa810000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa8001ec8bd0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739276 Ticks: 1852 (0:00:00:28.891) Context Switch Count 194 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address 0x000007fee8da1de0 Stack Init fffff88017371dd0 Current fffff88017371180 Base fffff88017372000 Limit fffff8801736c000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Child-SP RetAddr : Args to Child : Call Site fffff880`173711c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`17371300 fffff802`b3b293cd : fffff880`17371698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`173713c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`17371540 fffffa80`01ec8bd0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17371470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`173719b0 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`17371980 fffff802`b3b02d53 : fffffa80`03f51b00 000000f2`0c21fb58 fffff880`17371be8 000000f2`0c21fb80 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17371bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17371c40) 000000f2`0c21fb38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002053b00 Cid 0314.0780 Teb: 000007f6fa7e8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80031a7180 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15718905 Ticks: 22223 (0:00:05:46.681) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017515dd0 Current fffff88017515760 Base fffff88017516000 Limit fffff88017510000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`175157a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`175158e0 fffff802`b3b38ddb : fffffa80`031a7180 fffff802`b3b4c9fd 00000000`00000000 00000000`00001321 : nt!KiCommitThreadWait+0x23c fffff880`175159a0 fffff802`b3ed0b6c : fffffa80`031a7180 fffffa80`02053b01 00000000`00000001 000000f2`0c6cfb00 : nt!KeRemoveQueueEx+0x26b fffff880`17515a50 fffff802`b3b434d5 : fffffa80`031a7180 000000f2`756a8c00 fffff880`17515b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`17515ae0 fffff802`b3b02d53 : 00000000`00001a5c 000000f2`756a8c00 000000f2`00000010 000000f2`0c6cfb80 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17515c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17515c40) 000000f2`0c6cfb28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002cc9240 Cid 0314.049c Teb: 000007f6fa7de000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa8003794150 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15722755 Ticks: 18373 (0:00:04:46.620) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee8da1de0 Stack Init fffff88014e7ddd0 Current fffff88014e7d180 Base fffff88014e7e000 Limit fffff88014e78000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14e7d1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14e7d300 fffff802`b3b293cd : fffffa80`01fc390b 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`14e7d3c0 fffff802`b3eca2ac : fffff157`00000002 fffff880`14e7d540 fffffa80`03794150 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14e7d470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`14e7d9b0 fffff680`793c17f0 : nt!ObWaitForMultipleObjects+0x29c fffff880`14e7d980 fffff802`b3b02d53 : fffffa80`02cc9240 000000f2`0c3ff9c8 fffff880`14e7dbe8 000000f2`0c3ff9f0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14e7dbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e7dc40) 000000f2`0c3ff9a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002d3c300 Cid 0314.0e68 Teb: 000007f6fa7d8000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002d3c6a8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720344 Ticks: 20784 (0:00:05:24.232) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee8b810f0 Stack Init fffff8801511edd0 Current fffff8801511e750 Base fffff8801511f000 Limit fffff88015119000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1511e790 fffff802`b3b2d99c : fffff880`1511e9b0 00000000`00000000 fffff8a0`02c82cf0 fffff8a0`01e7c280 : nt!KiSwapContext+0x76 fffff880`1511e8d0 fffff802`b3b29c1f : 00000000`00000080 fffff8a0`01e7c270 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1511e990 fffff802`b3ee4c70 : fffffa80`02d3c6a8 00000000`00000010 00000000`00000001 fffff802`b3ec9700 : nt!KeWaitForSingleObject+0x1cf fffff880`1511ea20 fffff802`b3eb9bd4 : 00000000`30000000 00000000`00000001 000000f2`78310000 fffff880`1511eae0 : nt!AlpcpReceiveMessagePort+0x380 fffff880`1511ea90 fffff802`b3ec1949 : fffffa80`025f8090 00000000`00000000 fffffa80`025f8090 00000000`00000000 : nt!AlpcpReceiveMessage+0x2e2 fffff880`1511eb20 fffff802`b3b02d53 : fffffa80`02d3c300 fffff880`1511ecc0 fffff880`1511ebe8 00000000`00000000 : nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`1511ebd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1511ec40) 000000f2`0c8cfba8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa8002d80240 Cid 0314.076c Teb: 000007f6fa7da000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800361db00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720345 Ticks: 20783 (0:00:05:24.216) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150f4dd0 Current fffff880150f4760 Base fffff880150f5000 Limit fffff880150ef000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`150f47a0 fffff802`b3b2d99c : 00000000`00045000 00000000`00000000 00000000`00044468 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`150f48e0 fffff802`b3b38ddb : fffffa80`01fa0001 fffffa80`00000000 00000000`00000000 fffff880`150f4a30 : nt!KiCommitThreadWait+0x23c fffff880`150f49a0 fffff802`b3ed0b6c : fffffa80`0361db00 fffffa80`02d80201 00000000`00000001 000000f2`0c84f600 : nt!KeRemoveQueueEx+0x26b fffff880`150f4a50 fffff802`b3b434d5 : fffffa80`0361db00 000000f2`756a7640 fffff880`150f4b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`150f4ae0 fffff802`b3b02d53 : 00000000`00001588 000000f2`756a7640 fffff880`00000010 000000f2`0c84f6b0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`150f4c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150f4c40) 000000f2`0c84f658 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800365a980 Cid 0314.0a60 Teb: 000007f6fa80a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741031 Ticks: 97 (0:00:00:01.513) Context Switch Count 75 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801519cdd0 Current fffff8801519c760 Base fffff8801519d000 Limit fffff88015197000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1519c7a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 fffff802`b3ecdc9d : nt!KiSwapContext+0x76 fffff880`1519c8e0 fffff802`b3b38ddb : fffffa80`01e15b01 fffff880`1519cb10 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1519c9a0 fffff802`b3ed0b6c : fffffa80`0376f380 fffffa80`0365a901 00000000`00000001 000000f2`0d6bfa00 : nt!KeRemoveQueueEx+0x26b fffff880`1519ca50 fffff802`b3b434d5 : fffffa80`0376f380 000000f2`756a79e0 fffff880`1519cb80 fffff802`b3d0d001 : nt!IoRemoveIoCompletion+0x4c fffff880`1519cae0 fffff802`b3b02d53 : 00000000`0000009c 000000f2`756a79e0 00000000`00000010 000000f2`0d6bfa50 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1519cc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1519cc40) 000000f2`0d6bf9f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002105680 Cid 0314.0fc4 Teb: 000007f6fa80e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d59110 Semaphore Limit 0x7fffffff fffffa800319ccd0 Mutant - owning thread 0 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739275 Ticks: 1853 (0:00:00:28.906) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feed178004 Stack Init fffff88015422dd0 Current fffff88015421ee0 Base fffff88015423000 Limit fffff8801541d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15421f20 fffff802`b3b2d99c : fffff960`00000001 00000000`00000000 fffff960`00000001 fffff880`154223b0 : nt!KiSwapContext+0x76 fffff880`15422060 fffff802`b3ab33db : 00000200`002b0000 fffffa80`02105680 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15422120 fffff802`b3b29620 : 00000000`00000002 fffff880`15422540 00000000`00000006 00000000`00000001 : nt!KiWaitForAllObjects+0x3bb fffff880`154223c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15422540 fffff880`15422550 00000000`00000006 : nt!KeWaitForMultipleObjects+0x4ae fffff880`15422470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`154229b0 00000000`00000001 : nt!ObWaitForMultipleObjects+0x29c fffff880`15422980 fffff802`b3b02d53 : fffffa80`02105680 000000f2`0c34f618 fffff880`15422be8 000000f2`0c34f640 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15422bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15422c40) 000000f2`0c34f5f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa PROCESS fffffa80037e9940 SessionId: 0 Cid: 0360 Peb: 7f6fa7ef000 ParentCid: 0220 DirBase: 332b5000 ObjectTable: fffff8a002536040 HandleCount: Image: svchost.exe THREAD fffffa80037a2b00 Cid 0360.0364 Teb: 000007f6fa7ed000 Win32Thread: fffff90100659290 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037d9820 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 70 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f6fb7a26c0 Stack Init fffff880151bfdd0 Current fffff880151bf900 Base fffff880151c0000 Limit fffff880151ba000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`151bf940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`037a2270 0000002b`50797200 : nt!KiSwapContext+0x76 fffff880`151bfa80 fffff802`b3b29c1f : fffff880`151bfb70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`151bfb40 fffff802`b3ec9df6 : fffffa80`037d9820 fffff880`00000006 00000000`00000001 0000002b`53004a00 : nt!KeWaitForSingleObject+0x1cf fffff880`151bfbd0 fffff802`b3b02d53 : fffffa80`037a2b00 00000000`ffffffff 00000000`00000000 fffffa80`037d9820 : nt!NtWaitForSingleObject+0xb6 fffff880`151bfc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151bfc40) 0000002b`5065f778 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003812080 Cid 0360.0378 Teb: 000007f6fa7e3000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d3b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15690529 Ticks: 50599 (0:00:13:09.349) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880151c6dd0 Current fffff880151c6760 Base fffff880151c7000 Limit fffff880151c1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`151c67a0 fffff802`b3b2d99c : 00000000`c0000503 00000000`00000000 fffff880`151c6b00 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`151c68e0 fffff802`b3b38ddb : fffff8a0`02228630 fffff880`151c6cc0 00000000`00000000 fffff802`b3ec9d35 : nt!KiCommitThreadWait+0x23c fffff880`151c69a0 fffff802`b3ed0b6c : fffffa80`037d3b80 fffffa80`03812001 00000000`00000001 0000002b`511efc00 : nt!KeRemoveQueueEx+0x26b fffff880`151c6a50 fffff802`b3b434d5 : fffffa80`037d3b80 0000002b`507b7d90 fffff880`151c6b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`151c6ae0 fffff802`b3b02d53 : 00000000`0000014c 0000002b`507b7d90 fffff880`00000010 0000002b`511efc90 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`151c6c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151c6c40) 0000002b`511efc38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800389e080 Cid 0360.0138 Teb: 000007f6fa6be000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80038a07a0 NotificationEvent fffffa80038aa500 SynchronizationEvent fffffa800389e600 NotificationEvent fffffa80038a91a8 NotificationEvent IRP List: fffffa800389cc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 8883 Ticks: 15732245 (2:20:10:24.594) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef12a3b00 Stack Init fffff8801549bdd0 Current fffff8801549b180 Base fffff8801549c000 Limit fffff88015496000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800389fb00 Cid 0360.0144 Teb: 000007f6fa6bc000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa800389fea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737843 Ticks: 3285 (0:00:00:51.246) Context Switch Count 349 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef12a48fc Stack Init fffff88015494dd0 Current fffff88015494750 Base fffff88015495000 Limit fffff8801548f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15494790 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 fffff8a0`02e723e0 : nt!KiSwapContext+0x76 fffff880`154948d0 fffff802`b3b29c1f : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`15494b78 : nt!KiCommitThreadWait+0x23c fffff880`15494990 fffff802`b3ee4c70 : fffffa80`0389fea8 00000000`00000010 fffff880`15494a01 fffff802`b3ec9700 : nt!KeWaitForSingleObject+0x1cf fffff880`15494a20 fffff802`b3eb9bd4 : 00000000`a0000000 0000002b`52449f01 0000002b`509ea400 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`15494a90 fffff802`b3ec1949 : fffffa80`038aa2e0 00000000`00000000 fffffa80`038aa2e0 00000000`00000000 : nt!AlpcpReceiveMessage+0x2e2 fffff880`15494b20 fffff802`b3b02d53 : fffffa80`0389fb00 fffff880`15494cc0 fffff880`15494be8 0000002b`509e6680 : nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`15494bd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15494c40) 0000002b`513ef5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa8003d8d7c0 Cid 0360.0658 Teb: 000007f6fa6b8000 Win32Thread: fffff90100691710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800364ee80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15735040 Ticks: 6088 (0:00:01:34.973) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef35a06d0 Stack Init fffff88015e5add0 Current fffff88015e5a900 Base fffff88015e5b000 Limit fffff88015e55000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15e5a940 fffff802`b3b2d99c : 00000001`00000001 00000000`00000000 fffff880`00000000 fffff880`009ebd40 : nt!KiSwapContext+0x76 fffff880`15e5aa80 fffff802`b3b29c1f : 00000000`00000001 ffff7cad`457bd35a 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15e5ab40 fffff802`b3ec9df6 : fffffa80`0364ee80 fffffa80`00000006 00000000`00000001 fffff802`b3ed0e00 : nt!KeWaitForSingleObject+0x1cf fffff880`15e5abd0 fffff802`b3b02d53 : fffffa80`03d8d7c0 00000000`0001d4c0 fffff880`15e5ac18 fffffa80`0364ee80 : nt!NtWaitForSingleObject+0xb6 fffff880`15e5ac40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e5ac40) 0000002b`52e6f178 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003e8bb00 Cid 0360.0760 Teb: 000007f6fa6b2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e0ea40 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12613 Ticks: 15728515 (2:20:09:26.406) Context Switch Count 9 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015f9cdd0 Current fffff88015f9c900 Base fffff88015f9d000 Limit fffff88015f97000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea4080 Cid 0360.0774 Teb: 000007f6fa6b0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003df5b50 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12800 Ticks: 15728328 (2:20:09:23.489) Context Switch Count 57 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015fc6dd0 Current fffff88015fc6900 Base fffff88015fc7000 Limit fffff88015fc1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ec02c0 Cid 0360.07c0 Teb: 000007f6fa6ae000 Win32Thread: fffff901006a3b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80030bf470 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12914 Ticks: 15728214 (2:20:09:21.710) Context Switch Count 58 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address 0x000007feedb96d5c Stack Init fffff88016022dd0 Current fffff88016022900 Base fffff88016023000 Limit fffff8801601d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ee6b00 Cid 0360.07d8 Teb: 000007f6fa6a8000 Win32Thread: fffff9010069f610 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003eea260 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679963 Ticks: 61165 (0:00:15:54.180) Context Switch Count 586 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feedb859ec Stack Init fffff88016029dd0 Current fffff880160295f0 Base fffff8801602a000 Limit fffff88016024000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`16029630 fffff802`b3b2d99c : ffff7cad`469ceeaa 00000000`00000000 fffffa80`03ee6c40 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`16029770 fffff802`b3b29c1f : 00000000`00010224 00000000`00000000 00000000`00000000 fffff802`00000000 : nt!KiCommitThreadWait+0x23c fffff880`16029830 fffff802`b3b2943e : fffffa80`03eea260 00000000`0000000d fffffa80`03ee6b01 fffff802`b3b3a300 : nt!KeWaitForSingleObject+0x1cf fffff880`160298c0 fffff960`00153e07 : 00000000`00000001 fffff880`160299e0 00000000`00000000 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`16029970 fffff960`00154765 : fffff901`00190000 fffff901`00690000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`16029a40 fffff960`00152e99 : fffff880`16029cc0 00000000`00000100 00000000`00000001 00000000`00000000 : win32k!xxxSleepThread+0xc5 fffff880`16029a90 fffff960`001545f3 : fffff880`16029bf8 0000002b`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`16029bb0 fffff802`b3b02d53 : fffffa80`03ee6b00 00000000`00000000 00000000`00000020 fffffa80`03f1f060 : win32k!NtUserGetMessage+0x83 fffff880`16029c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16029c40) 0000002b`5336fa78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8003f02b00 Cid 0360.0424 Teb: 000007f6fa6a6000 Win32Thread: fffff901006abb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc7ca0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15732248 Ticks: 8880 (0:00:02:18.528) Context Switch Count 364 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feedb86564 Stack Init fffff880160a7dd0 Current fffff880160a7900 Base fffff880160a8000 Limit fffff880160a2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`160a7940 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00100080`00000000 fffffa80`030a3100 : nt!KiSwapContext+0x76 fffff880`160a7a80 fffff802`b3b29c1f : 00000000`fffc0001 fffff802`b3af9959 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`160a7b40 fffff802`b3ec9df6 : fffffa80`03dc7ca0 0000002b`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`160a7bd0 fffff802`b3b02d53 : fffffa80`03f02b00 00000000`ffffffff 00000000`00000000 fffffa80`03dc7ca0 : nt!NtWaitForSingleObject+0xb6 fffff880`160a7c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160a7c40) 0000002b`533ff678 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003e01080 Cid 0360.0498 Teb: 000007f6fa6a4000 Win32Thread: fffff901006a5290 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003eea150 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679963 Ticks: 61165 (0:00:15:54.180) Context Switch Count 58 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feedb85f9c Stack Init fffff880160aedd0 Current fffff880160ae900 Base fffff880160af000 Limit fffff880160a9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`160ae940 fffff802`b3b2d99c : fffff8a0`00000000 00000000`00000000 ffff7cad`00000000 00000000`00000360 : nt!KiSwapContext+0x76 fffff880`160aea80 fffff802`b3b29c1f : 0000002b`5347ed50 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`160aeb40 fffff802`b3ec9df6 : fffffa80`03eea150 fffff901`00000006 00000000`00000001 fffffa80`03e01000 : nt!KeWaitForSingleObject+0x1cf fffff880`160aebd0 fffff802`b3b02d53 : fffffa80`03e01080 00000000`ffffffff 00000000`00000000 fffffa80`03eea150 : nt!NtWaitForSingleObject+0xb6 fffff880`160aec40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160aec40) 0000002b`5347fcc8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003e01700 Cid 0360.04a4 Teb: 000007f6fa6a2000 Win32Thread: fffff901006a5710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f029f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738591 Ticks: 2537 (0:00:00:39.577) Context Switch Count 83 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feedb94274 Stack Init fffff880160b5dd0 Current fffff880160b5900 Base fffff880160b6000 Limit fffff880160b0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`160b5940 fffff802`b3b2d99c : fffff8a0`009a2cd8 00000000`00000000 fffff8a0`02739a20 00000000`00000360 : nt!KiSwapContext+0x76 fffff880`160b5a80 fffff802`b3b29c1f : 0000002b`534fe7f0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`160b5b40 fffff802`b3ec9df6 : fffffa80`03f029f0 fffffa80`00000006 00000000`00000001 000007f6`fa6a2000 : nt!KeWaitForSingleObject+0x1cf fffff880`160b5bd0 fffff802`b3b02d53 : fffffa80`03e01700 00000000`ffffffff 00000000`00000000 fffffa80`03f029f0 : nt!NtWaitForSingleObject+0xb6 fffff880`160b5c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160b5c40) 0000002b`534ff7e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003f19b00 Cid 0360.0548 Teb: 000007f6fa69c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003ef53f0 NotificationEvent fffffa8003ef5200 SynchronizationTimer Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12800 Ticks: 15728328 (2:20:09:23.489) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feeda358dc Stack Init fffff880160d8dd0 Current fffff880160d8180 Base fffff880160d9000 Limit fffff880160d3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f4bb00 Cid 0360.04ac Teb: 000007f6fa69e000 Win32Thread: fffff901006ab710 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003f49f60 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679441 Ticks: 61687 (0:00:16:02.323) Context Switch Count 753 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address 0x000007feedb896d0 Stack Init fffff88016164dd0 Current fffff880161645f0 Base fffff88016165000 Limit fffff8801615f000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`16164630 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`16164770 fffff802`b3b29c1f : fffff8a0`0273b9a0 00000000`00000000 00000000`00000000 fffff880`00000000 : nt!KiCommitThreadWait+0x23c fffff880`16164830 fffff802`b3b2943e : fffffa80`03f49f60 fffffa80`0000000d fffffa80`037aa001 fffff802`b3eeb600 : nt!KeWaitForSingleObject+0x1cf fffff880`161648c0 fffff960`00153e07 : 0000002b`00000001 fffff880`161649e0 00000000`00000050 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`16164970 fffff960`00154765 : 0000002b`537c0000 fffff901`006a0000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`16164a40 fffff960`00152e99 : fffff880`16164cc0 00000000`00000100 00000000`00000001 fffffa80`01c7c070 : win32k!xxxSleepThread+0xc5 fffff880`16164a90 fffff960`001545f3 : fffff880`16164bf8 0000002b`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`16164bb0 fffff802`b3b02d53 : fffffa80`03f4bb00 000007fe`edb96388 00000000`00000020 fffffa80`03f1f060 : win32k!NtUserGetMessage+0x83 fffff880`16164c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16164c40) 0000002b`5369f758 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8001d58080 Cid 0360.0ae0 Teb: 000007f6fa6b4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800374e740 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15734670 Ticks: 6458 (0:00:01:40.745) Context Switch Count 36 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef359f270 Stack Init fffff8801604cdd0 Current fffff8801604c900 Base fffff8801604d000 Limit fffff88016047000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1604c940 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 000007f6`fa6b4000 : nt!KiSwapContext+0x76 fffff880`1604ca80 fffff802`b3b29c1f : 0000002b`79517350 fffff880`1604cb60 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1604cb40 fffff802`b3ec9df6 : fffffa80`0374e740 fffffa80`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1604cbd0 fffff802`b3b02d53 : fffffa80`01d58080 00000000`0001d4c0 fffff880`1604cc18 fffffa80`0374e740 : nt!NtWaitForSingleObject+0xb6 fffff880`1604cc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1604cc40) 0000002b`52f6fd38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001f2b080 Cid 0360.03c0 Teb: 000007f6fa694000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80039e0bc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679738 Ticks: 61390 (0:00:15:57.690) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161fedd0 Current fffff880161fe760 Base fffff880161ff000 Limit fffff880161f9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`161fe7a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 000007fe`f7ee38c0 0000002b`537a5b40 : nt!KiSwapContext+0x76 fffff880`161fe8e0 fffff802`b3b38ddb : fffffa80`02da3970 00000000`00000000 00000000`00000000 fffff880`161fea80 : nt!KiCommitThreadWait+0x23c fffff880`161fe9a0 fffff802`b3ed0b6c : fffffa80`039e0bc0 fffffa80`01f2b001 00000000`00000001 0000002b`53aaf600 : nt!KeRemoveQueueEx+0x26b fffff880`161fea50 fffff802`b3b434d5 : fffffa80`039e0bc0 0000002b`537eeaf0 fffff880`161feb80 fffffa80`02da3901 : nt!IoRemoveIoCompletion+0x4c fffff880`161feae0 fffff802`b3b02d53 : 00000000`00000bb8 0000002b`537eeaf0 0000002b`00000010 0000002b`53aaf630 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`161fec40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161fec40) 0000002b`53aaf5d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800400b080 Cid 0360.0934 Teb: 000007f6fa67e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003868500 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679686 Ticks: 61442 (0:00:15:58.501) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801750edd0 Current fffff8801750e760 Base fffff8801750f000 Limit fffff88017509000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1750e7a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1750e8e0 fffff802`b3b38ddb : fffffa80`03868500 fffff802`b3b4c9fd 00000000`00000000 00000000`00000fa1 : nt!KiCommitThreadWait+0x23c fffff880`1750e9a0 fffff802`b3ed0b6c : fffffa80`03868500 fffffa80`0400b001 00000000`00000001 0000002b`54a0f900 : nt!KeRemoveQueueEx+0x26b fffff880`1750ea50 fffff802`b3b434d5 : fffffa80`03868500 0000002b`537eee90 fffff880`1750eb80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`1750eae0 fffff802`b3b02d53 : 00000000`00000964 0000002b`537eee90 0000002b`00000010 0000002b`54a0f9b0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1750ec40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1750ec40) 0000002b`54a0f958 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002788740 Cid 0360.029c Teb: 000007f6fa67c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001ddac40 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679735 Ticks: 61393 (0:00:15:57.736) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017109dd0 Current fffff88017109760 Base fffff8801710a000 Limit fffff88017104000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`171097a0 fffff802`b3b2d99c : fffff880`17109908 00000000`00000000 fffffa80`01812d80 fffffa80`01db5e70 : nt!KiSwapContext+0x76 fffff880`171098e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00120002 00000000`00000000 fffff880`17109cc0 : nt!KiCommitThreadWait+0x23c fffff880`171099a0 fffff802`b3ed0b6c : fffffa80`01ddac40 fffffa80`02788701 00000000`00000001 0000002b`54a8f700 : nt!KeRemoveQueueEx+0x26b fffff880`17109a50 fffff802`b3b434d5 : fffffa80`01ddac40 0000002b`537edc70 fffff880`17109b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`17109ae0 fffff802`b3b02d53 : 00000000`00000760 0000002b`537edc70 00000000`00000010 0000002b`54a8f700 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17109c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17109c40) 0000002b`54a8f6a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001c6c080 Cid 0360.0d30 Teb: 000007f6fa67a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036ed940 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679696 Ticks: 61432 (0:00:15:58.345) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017037dd0 Current fffff88017037760 Base fffff88017038000 Limit fffff88017032000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`170377a0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffffa80`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`170378e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000001 : nt!KiCommitThreadWait+0x23c fffff880`170379a0 fffff802`b3ed0b6c : fffffa80`036ed940 fffffa80`01c6c001 00000000`00000001 0000002b`54b0f800 : nt!KeRemoveQueueEx+0x26b fffff880`17037a50 fffff802`b3b434d5 : fffffa80`036ed940 0000002b`537ee010 fffff880`17037b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`17037ae0 fffff802`b3b02d53 : 00000000`00000a10 0000002b`537ee010 fffff880`00000010 0000002b`54b0f870 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17037c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17037c40) 0000002b`54b0f818 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003f68080 Cid 0360.08c8 Teb: 000007f6fa678000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800180aa00 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679706 Ticks: 61422 (0:00:15:58.189) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880163e4dd0 Current fffff880163e4760 Base fffff880163e5000 Limit fffff880163df000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`163e47a0 fffff802`b3b2d99c : fffff880`15683a84 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`163e48e0 fffff802`b3b38ddb : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`163e4cc0 : nt!KiCommitThreadWait+0x23c fffff880`163e49a0 fffff802`b3ed0b6c : fffffa80`0180aa00 fffffa80`03f68001 00000000`00000001 0000002b`54b8fb00 : nt!KeRemoveQueueEx+0x26b fffff880`163e4a50 fffff802`b3b434d5 : fffffa80`0180aa00 0000002b`539419d0 fffff880`163e4b80 fffff802`b3d0d000 : nt!IoRemoveIoCompletion+0x4c fffff880`163e4ae0 fffff802`b3b02d53 : 00000000`00000c28 0000002b`539419d0 fffff880`00000010 0000002b`54b8fbe0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`163e4c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`163e4c40) 0000002b`54b8fb88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003f20800 Cid 0360.03cc Teb: 000007f6fa676000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003fb1080 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680337 Ticks: 60791 (0:00:15:48.345) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016262dd0 Current fffff88016262760 Base fffff88016263000 Limit fffff8801625d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`162627a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 000007fe`f7ee38c0 0000002b`5386ff60 : nt!KiSwapContext+0x76 fffff880`162628e0 fffff802`b3b38ddb : fffffa80`03077360 00000000`00000000 00000000`00000000 fffff880`16262a80 : nt!KiCommitThreadWait+0x23c fffff880`162629a0 fffff802`b3ed0b6c : fffffa80`03fb1080 fffffa80`03f20801 00000000`00000001 0000002b`54c0f700 : nt!KeRemoveQueueEx+0x26b fffff880`16262a50 fffff802`b3b434d5 : fffffa80`03fb1080 0000002b`53942110 fffff880`16262b80 fffff802`b3d0d000 : nt!IoRemoveIoCompletion+0x4c fffff880`16262ae0 fffff802`b3b02d53 : 00000000`000009a8 0000002b`53942110 0000002b`00000010 0000002b`54c0f780 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16262c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16262c40) 0000002b`54c0f728 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80038159c0 Cid 0360.0628 Teb: 000007f6fa668000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8004001280 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679738 Ticks: 61390 (0:00:15:57.690) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801544cdd0 Current fffff8801544c760 Base fffff8801544d000 Limit fffff88015447000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1544c7a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1544c8e0 fffff802`b3b38ddb : fffffa80`04001280 fffff802`b3b4c9fd 00000000`00000000 00000000`00000fcb : nt!KiCommitThreadWait+0x23c fffff880`1544c9a0 fffff802`b3ed0b6c : fffffa80`04001280 fffffa80`03815901 00000000`00000001 0000002b`54f8fb00 : nt!KeRemoveQueueEx+0x26b fffff880`1544ca50 fffff802`b3b434d5 : fffffa80`04001280 0000002b`53942f90 fffff880`1544cb80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`1544cae0 fffff802`b3b02d53 : 00000000`00000b2c 0000002b`53942f90 0000002b`00000010 0000002b`54f8fb70 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1544cc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1544cc40) 0000002b`54f8fb18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003793080 Cid 0360.0ddc Teb: 000007f6fa6ba000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740467 Ticks: 661 (0:00:00:10.311) Context Switch Count 860 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015068dd0 Current fffff88015068760 Base fffff88015069000 Limit fffff88015063000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`150687a0 fffff802`b3b2d99c : fffff8a0`00000001 00000000`00000000 00000000`00000000 00000000`fffeffff : nt!KiSwapContext+0x76 fffff880`150688e0 fffff802`b3b38ddb : 00000000`00000001 fffff802`b3e5dd97 00000000`00000000 fffff880`15068b78 : nt!KiCommitThreadWait+0x23c fffff880`150689a0 fffff802`b3ed0b6c : fffffa80`037d9740 fffffa80`03793001 00000000`00000001 0000002b`5361f900 : nt!KeRemoveQueueEx+0x26b fffff880`15068a50 fffff802`b3b434d5 : fffffa80`037d9740 0000002b`53815dd0 fffff880`15068b80 fffff802`b3b2a501 : nt!IoRemoveIoCompletion+0x4c fffff880`15068ae0 fffff802`b3b02d53 : 00000000`0000009c 0000002b`53815dd0 fffffa80`00000010 0000002b`5361f9e0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15068c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15068c40) 0000002b`5361f988 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002156080 Cid 0360.09ac Teb: 000007f6fa7e9000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 70 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170f4dd0 Current fffff880170f4760 Base fffff880170f5000 Limit fffff880170ef000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`170f47a0 fffff802`b3b2d99c : 0000002b`50d8f902 00000000`00000000 fffffa80`02156080 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`170f48e0 fffff802`b3b38ddb : fffff8a0`01e6a640 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`170f49a0 fffff802`b3ed0b6c : fffffa80`037d9740 fffffa80`02156001 00000000`00000001 0000002b`50d8fb00 : nt!KeRemoveQueueEx+0x26b fffff880`170f4a50 fffff802`b3b434d5 : fffffa80`037d9740 0000002b`53816170 fffff880`170f4b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`170f4ae0 fffff802`b3b02d53 : 00000000`0000009c 0000002b`53816170 0000002b`00000010 0000002b`50d8fb60 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`170f4c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170f4c40) 0000002b`50d8fb08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80018c29c0 Cid 0360.06a0 Teb: 000007f6fa7e5000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 209 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017394dd0 Current fffff88017394760 Base fffff88017395000 Limit fffff8801738f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`173947a0 fffff802`b3b2d99c : 0000002b`00000000 00000000`00000000 fffffa80`00000001 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`173948e0 fffff802`b3b38ddb : fffff8a0`01e6a640 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`173949a0 fffff802`b3ed0b6c : fffffa80`037d9740 fffffa80`018c2901 00000000`00000001 0000002b`52d6f700 : nt!KeRemoveQueueEx+0x26b fffff880`17394a50 fffff802`b3b434d5 : fffffa80`037d9740 0000002b`53814bb0 fffff880`17394b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`17394ae0 fffff802`b3b02d53 : 00000000`0000009c 0000002b`53814bb0 0000002b`00000010 0000002b`52d6f7e0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17394c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17394c40) 0000002b`52d6f788 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80020cab00 Cid 0360.0614 Teb: 000007f6fa7eb000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733831 Ticks: 7297 (0:00:01:53.833) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174ebdd0 Current fffff880174eb760 Base fffff880174ec000 Limit fffff880174e6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`174eb7a0 fffff802`b3b2d99c : 0000002b`509bfa02 00000000`00000000 fffffa80`020cab00 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`174eb8e0 fffff802`b3b38ddb : fffff8a0`02b34780 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`174eb9a0 fffff802`b3ed0b6c : fffffa80`037d9740 fffffa80`020cab01 00000000`00000001 0000002b`509bfc00 : nt!KeRemoveQueueEx+0x26b fffff880`174eba50 fffff802`b3b434d5 : fffffa80`037d9740 0000002b`53815a30 fffff880`174ebb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`174ebae0 fffff802`b3b02d53 : 00000000`0000009c 0000002b`53815a30 0000002b`00000010 0000002b`509bfce0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`174ebc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174ebc40) 0000002b`509bfc88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80033d8080 Cid 0360.0940 Teb: 000007f6fa7e7000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 246 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801659ddd0 Current fffff8801659d760 Base fffff8801659e000 Limit fffff88016598000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1659d7a0 fffff802`b3b2d99c : 0000002b`5116f602 00000000`00000000 fffffa80`033d8080 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`1659d8e0 fffff802`b3b38ddb : fffff8a0`01e6a640 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`1659d9a0 fffff802`b3ed0b6c : fffffa80`037d9740 fffffa80`033d8001 00000000`00000001 0000002b`5116f800 : nt!KeRemoveQueueEx+0x26b fffff880`1659da50 fffff802`b3b434d5 : fffffa80`037d9740 0000002b`53816510 fffff880`1659db80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`1659dae0 fffff802`b3b02d53 : 00000000`0000009c 0000002b`53816510 0000002b`00000010 0000002b`5116f8b0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1659dc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1659dc40) 0000002b`5116f858 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8003879940 SessionId: 0 Cid: 03f0 Peb: 7f6fad89000 ParentCid: 0220 DirBase: 3584e000 ObjectTable: fffff8a002669480 HandleCount: Image: svchost.exe THREAD fffffa80038999c0 Cid 03f0.03f4 Teb: 000007f6fad8e000 Win32Thread: fffff90100665710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800389a8e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 234 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address 0x000007f6fb7a26c0 Stack Init fffff88015471dd0 Current fffff88015471900 Base fffff88015472000 Limit fffff8801546c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15471940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`0389a6c0 0000006f`45b29e70 : nt!KiSwapContext+0x76 fffff880`15471a80 fffff802`b3b29c1f : fffff880`15471b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`15471b40 fffff802`b3ec9df6 : fffffa80`0389a8e0 fffff880`00000006 00000000`00000001 0000006f`473f2900 : nt!KeWaitForSingleObject+0x1cf fffff880`15471bd0 fffff802`b3b02d53 : fffffa80`038999c0 00000000`ffffffff 00000000`00000000 fffffa80`0389a8e0 : nt!NtWaitForSingleObject+0xb6 fffff880`15471c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15471c40) 0000006f`45abf898 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa80038adb00 Cid 03f0.018c Teb: 000007f6fad87000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa800388ab80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 8985 Ticks: 15732143 (2:20:10:23.003) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef2e7b224 Stack Init fffff8801543edd0 Current fffff8801543e7a0 Base fffff8801543f000 Limit fffff88015439000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038acb00 Cid 03f0.021c Teb: 000007f6fac5e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038be640 QueueObject IRP List: fffffa8001ca9c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736102 Ticks: 5026 (0:00:01:18.406) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880154c5dd0 Current fffff880154c5760 Base fffff880154c6000 Limit fffff880154c0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`154c57a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 fffffa80`01ca9c10 : nt!KiSwapContext+0x76 fffff880`154c58e0 fffff802`b3b38ddb : fffffa80`039a0000 fffffa80`00000103 00000000`00000000 fffff802`b3d13fb0 : nt!KiCommitThreadWait+0x23c fffff880`154c59a0 fffff802`b3ed0b6c : fffffa80`038be640 fffffa80`038acb01 00000000`00000001 0000006f`466ef800 : nt!KeRemoveQueueEx+0x26b fffff880`154c5a50 fffff802`b3b434d5 : fffffa80`038be640 0000006f`45b48e20 fffff880`154c5b80 00000000`00000001 : nt!IoRemoveIoCompletion+0x4c fffff880`154c5ae0 fffff802`b3b02d53 : 00000000`000001b0 0000006f`45b48e20 0000006f`00000010 0000006f`466ef8e0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`154c5c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154c5c40) 0000006f`466ef888 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80038ca080 Cid 03f0.014c Teb: 000007f6fad85000 Win32Thread: fffff901006a5b90 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject IRP List: fffffa8003735810: (0006,03e8) Flags: 00060800 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736541 Ticks: 4587 (0:00:01:11.557) Context Switch Count 797 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880154bedd0 Current fffff880154be760 Base fffff880154bf000 Limit fffff880154b9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`154be7a0 fffff802`b3b2d99c : 0000006f`465bf302 00000000`00000000 fffffa80`038ca080 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`154be8e0 fffff802`b3b38ddb : fffff8a0`06ca65c0 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`154be9a0 fffff802`b3ed0b6c : fffffa80`03862800 fffffa80`038ca001 00000000`00000001 0000006f`465bf600 : nt!KeRemoveQueueEx+0x26b fffff880`154bea50 fffff802`b3b434d5 : fffffa80`03862800 0000006f`45b589b0 fffff880`154beb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`154beae0 fffff802`b3b02d53 : 00000000`0000009c 0000006f`45b589b0 0000006f`00000010 0000006f`465bf650 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`154bec40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154bec40) 0000006f`465bf5f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003965b00 Cid 03f0.0380 Teb: 000007f6fac5c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003950d30 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9544 Ticks: 15731584 (2:20:10:14.283) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8801553bdd0 Current fffff8801553b900 Base fffff8801553c000 Limit fffff88015536000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800397e080 Cid 03f0.022c Teb: 000007f6fac58000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003951970 SynchronizationEvent fffffa8003921600 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9559 Ticks: 15731569 (2:20:10:14.049) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef0425d98 Stack Init fffff88015581dd0 Current fffff88015581180 Base fffff88015582000 Limit fffff8801557c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003984b00 Cid 03f0.0410 Teb: 000007f6fac54000 Win32Thread: fffff901006f4b90 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 1324 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155abdd0 Current fffff880155ab760 Base fffff880155ac000 Limit fffff880155a6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`155ab7a0 fffff802`b3b2d99c : fffff880`155abcc0 00000000`00000000 fffffa80`03984b00 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`155ab8e0 fffff802`b3b38ddb : fffff8a0`00a77b10 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`155ab9a0 fffff802`b3ed0b6c : fffffa80`03862800 fffffa80`03984b01 00000000`00000001 0000006f`46fff500 : nt!KeRemoveQueueEx+0x26b fffff880`155aba50 fffff802`b3b434d5 : fffffa80`03862800 0000006f`45b7caf0 fffff880`155abb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`155abae0 fffff802`b3b02d53 : 00000000`0000009c 0000006f`45b7caf0 0000006f`00000010 0000006f`46fff580 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`155abc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155abc40) 0000006f`46fff528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003918800 Cid 03f0.042c Teb: 000007f6fac50000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003943060 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9690 Ticks: 15731438 (2:20:10:12.005) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address (0x000007fef4113c90) Stack Init fffff880155cedd0 Current fffff880155ce900 Base fffff880155cf000 Limit fffff880155c9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039aa080 Cid 03f0.0590 Teb: 000007f6fac56000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ba55d0 NotificationEvent fffffa800181aa50 NotificationEvent fffffa8003dbcfe0 NotificationEvent fffffa8003bf5190 SynchronizationTimer fffffa80018106e0 SynchronizationEvent fffffa8003f98600 SynchronizationEvent fffffa8001837060 SynchronizationEvent fffffa800184ea70 SynchronizationEvent fffffa8003f747e0 SynchronizationEvent fffffa80040693e0 NotificationEvent Impersonation token: fffff8a0027cf060 (Level Impersonation) Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741043 Ticks: 85 (0:00:00:01.326) Context Switch Count 10373 IdealProcessor: 0 UserTime 00:00:12.604 KernelTime 00:00:05.553 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014fdbdd0 Current fffff88014fdb180 Base fffff88014fdc000 Limit fffff88014fd6000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14fdb1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff8a0`00000001 00000000`00100089 : nt!KiSwapContext+0x76 fffff880`14fdb300 fffff802`b3b293cd : fffff880`14fdb5c0 fffff8a0`00255884 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`14fdb3c0 fffff802`b3eca2ac : fffffa80`0000000a fffff880`14fdb540 fffffa80`040693e0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14fdb470 fffff802`b3eca723 : 00000000`0000000a 00000000`00000001 00000000`00000000 fffff802`b3ef63ca : nt!ObWaitForMultipleObjects+0x29c fffff880`14fdb980 fffff802`b3b02d53 : fffffa80`039aa080 0000006f`46f7e2e8 fffff880`14fdbbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14fdbbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14fdbc40) 0000006f`46f7e2c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80039b1080 Cid 03f0.05a4 Teb: 000007f6fac48000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800399a8c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10746 Ticks: 15730382 (2:20:09:55.531) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014fe9dd0 Current fffff88014fe9760 Base fffff88014fea000 Limit fffff88014fe4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039a7a00 Cid 03f0.05a8 Teb: 000007f6fac46000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039a5fe0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10745 Ticks: 15730383 (2:20:09:55.547) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef47ba00 Stack Init fffff88014fe2dd0 Current fffff88014fe2900 Base fffff88014fe3000 Limit fffff88014fdd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea3b00 Cid 03f0.077c Teb: 000007f6fac4c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ea6b00 Thread Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12544 Ticks: 15728584 (2:20:09:27.482) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015fcddd0 Current fffff88015fcd900 Base fffff88015fce000 Limit fffff88015fc8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea6b00 Cid 03f0.078c Teb: 000007f6fac44000 Win32Thread: fffff901006953a0 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003e1b340 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680787 Ticks: 60341 (0:00:15:41.325) Context Switch Count 111 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feedec1d44 Stack Init fffff88015fb1dd0 Current fffff88015fb15f0 Base fffff88015fb2000 Limit fffff88015fac000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15fb1630 fffff802`b3b2d99c : ffff7cad`45656eaa 00000000`00000000 fffffa80`03ea6c40 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`15fb1770 fffff802`b3b29c1f : 00000000`00010224 00000000`00000000 00000000`00000000 fffff802`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15fb1830 fffff802`b3b2943e : fffffa80`03e1b340 00000000`0000000d fffffa80`03ea6b01 fffff802`b3b3a300 : nt!KeWaitForSingleObject+0x1cf fffff880`15fb18c0 fffff960`00153e07 : fffff901`00000001 fffff880`15fb19e0 00000000`00000000 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`15fb1970 fffff960`00154765 : fffff901`00190000 fffff901`00690000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`15fb1a40 fffff960`00152e99 : fffff880`15fb1cc0 00000000`00000100 00000000`00000001 fffff802`00000000 : win32k!xxxSleepThread+0xc5 fffff880`15fb1a90 fffff960`001545f3 : fffff880`15fb1bf8 00000070`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`15fb1bb0 fffff802`b3b02d53 : fffffa80`03ea6b00 00000000`00000698 00000000`00000020 000007fe`f5f249d0 : win32k!NtUserGetMessage+0x83 fffff880`15fb1c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15fb1c40) 00000070`4767f6b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8003eac440 Cid 03f0.0794 Teb: 000007f6fac40000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003683360 NotificationEvent fffffa8003e3ac70 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12544 Ticks: 15728584 (2:20:09:27.482) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feedec22c4 Stack Init fffff88015fe2dd0 Current fffff88015fe2180 Base fffff88015fe3000 Limit fffff88015fdd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f935c0 Cid 03f0.0788 Teb: 000007f6fac4e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800394a700 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 14894 Ticks: 15726234 (2:20:08:50.822) Context Switch Count 67 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015fa3dd0 Current fffff88015fa3900 Base fffff88015fa4000 Limit fffff88015f9e000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80027b9080 Cid 03f0.090c Teb: 000007f6fac32000 Win32Thread: fffff901006a7b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80027835e0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681099 Ticks: 60029 (0:00:15:36.458) Context Switch Count 21 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016357dd0 Current fffff88016357900 Base fffff88016358000 Limit fffff88016352000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`16357940 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff880`00000001 fffffa80`027b9080 : nt!KiSwapContext+0x76 fffff880`16357a80 fffff802`b3b29c1f : ffff7cad`46ab037a fffff802`b3b304a6 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`16357b40 fffff802`b3ec9df6 : fffffa80`027835e0 00000070`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`16357bd0 fffff802`b3b02d53 : fffffa80`027b9080 00000000`ffffffff 00000000`00000000 fffffa80`027835e0 : nt!NtWaitForSingleObject+0xb6 fffff880`16357c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16357c40) 00000070`47fefaf8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003ef2b00 Cid 03f0.09b4 Teb: 000007f6fac2e000 Win32Thread: fffff901001ea820 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040e4c70 NotificationEvent fffffa8003f918f0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681386 Ticks: 59742 (0:00:15:31.981) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016270dd0 Current fffff88016270180 Base fffff88016271000 Limit fffff8801626b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`162701c0 fffff802`b3b2d99c : 00000000`002b002b 00000000`00000000 00000000`00000000 00000000`00000008 : nt!KiSwapContext+0x76 fffff880`16270300 fffff802`b3b293cd : 00000000`0000027f 00000000`00000000 00000000`00000000 00000000`00001f80 : nt!KiCommitThreadWait+0x23c fffff880`162703c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`16270540 fffffa80`03f918f0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16270470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 000007fe`f1ca4000 : nt!ObWaitForMultipleObjects+0x29c fffff880`16270980 fffff802`b3b02d53 : fffffa80`03ef2b00 00000070`4835f498 fffff880`16270be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16270bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16270c40) 00000070`4835f478 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80038e9b00 Cid 03f0.09b8 Teb: 000007f6fac2c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f91360 NotificationEvent fffffa8003e0fc60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681388 Ticks: 59740 (0:00:15:31.949) Context Switch Count 369 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016277dd0 Current fffff88016277180 Base fffff88016278000 Limit fffff88016272000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`162771c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff880`00000001 00000000`00000801 : nt!KiSwapContext+0x76 fffff880`16277300 fffff802`b3b293cd : fffff880`16277698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`162773c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`16277540 fffffa80`03e0fc60 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16277470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`16277980 fffff802`b3b02d53 : fffffa80`038e9b00 00000070`48a6f6d8 fffff880`16277be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16277bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16277c40) 00000070`48a6f6b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003e8cb00 Cid 03f0.09bc Teb: 000007f6fac2a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f5fe60 NotificationEvent fffffa8003f47d60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681387 Ticks: 59741 (0:00:15:31.965) Context Switch Count 377 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801605add0 Current fffff8801605a180 Base fffff8801605b000 Limit fffff88016055000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1605a1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff880`00000001 00000000`00000801 : nt!KiSwapContext+0x76 fffff880`1605a300 fffff802`b3b293cd : fffff880`1605a698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`1605a3c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`1605a540 fffffa80`03f47d60 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1605a470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`1605a980 fffff802`b3b02d53 : fffffa80`03e8cb00 00000070`48aef508 fffff880`1605abe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1605abd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1605ac40) 00000070`48aef4e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80027c1080 Cid 03f0.09c0 Teb: 000007f6fac28000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f30650 NotificationEvent fffffa8003e0ce90 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681390 Ticks: 59738 (0:00:15:31.918) Context Switch Count 1348 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016269dd0 Current fffff88016269180 Base fffff8801626a000 Limit fffff88016264000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`162691c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 fffff880`162697e8 : nt!KiSwapContext+0x76 fffff880`16269300 fffff802`b3b293cd : fffff880`16269610 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`162693c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`16269540 fffffa80`03e0ce90 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16269470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`16269980 fffff802`b3b02d53 : fffffa80`027c1080 00000070`48b6f688 fffff880`16269be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16269bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16269c40) 00000070`48b6f668 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8004080740 Cid 03f0.09c4 Teb: 000007f6fac26000 Win32Thread: fffff9010069bb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e0cf10 NotificationEvent fffffa8003f951b0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681386 Ticks: 59742 (0:00:15:31.981) Context Switch Count 280 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88003194dd0 Current fffff88003194180 Base fffff88003195000 Limit fffff8800318f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`031941c0 fffff802`b3b2d99c : fffff8a0`00000001 00000000`00000000 fffff8a0`00000001 fffff8a0`02c4d864 : nt!KiSwapContext+0x76 fffff880`03194300 fffff802`b3b293cd : fffff880`0319449c fffff8a0`02c4d864 00000000`00000000 ffff7cad`53873b5a : nt!KiCommitThreadWait+0x23c fffff880`031943c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`03194540 fffffa80`03f951b0 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`03194470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`03194980 fffff802`b3b02d53 : fffffa80`04080740 00000070`48bef6e8 fffff880`03194be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`03194bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03194c40) 00000070`48bef6c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003e9ab00 Cid 03f0.09c8 Teb: 000007f6fac24000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f95400 NotificationEvent fffffa80040181d0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681882 Ticks: 59246 (0:00:15:24.243) Context Switch Count 837 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880162eedd0 Current fffff880162ee180 Base fffff880162ef000 Limit fffff880162e9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`162ee1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`162ee300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`162ee3c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`162ee540 fffffa80`040181d0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`162ee470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`162ee980 fffff802`b3b02d53 : fffffa80`03e9ab00 00000070`48c6f3f8 fffff880`162eebe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`162eebd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162eec40) 00000070`48c6f3d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003dc4340 Cid 03f0.09d0 Teb: 000007f6fac22000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f3b300 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 14909 Ticks: 15726219 (2:20:08:50.588) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88002f47dd0 Current fffff88002f47760 Base fffff88002f48000 Limit fffff88002f42000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002da3b00 Cid 03f0.05b8 Teb: 000007f6fac5a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80038ce440 SynchronizationEvent fffffa80024c5ee0 SynchronizationEvent fffffa800268b680 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 22773 Ticks: 15718355 (2:20:06:47.909) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feebf42b68 Stack Init fffff880154efdd0 Current fffff880154ef180 Base fffff880154f0000 Limit fffff880154ea000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002e5ab00 Cid 03f0.0970 Teb: 000007f6fad8c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800306d620 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 20972 Ticks: 15720156 (2:20:07:16.005) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015f25dd0 Current fffff88015f25900 Base fffff88015f26000 Limit fffff88015f20000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800414f080 Cid 03f0.0878 Teb: 000007f6fac34000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e0a900 SynchronizationEvent fffffa800413f5a0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740542 Ticks: 586 (0:00:00:09.141) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017180dd0 Current fffff88017180180 Base fffff88017181000 Limit fffff8801717b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`171801c0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`17180300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 fffff802`b3b370de : nt!KiCommitThreadWait+0x23c fffff880`171803c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`17180540 fffffa80`0413f5a0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17180470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`02049000 : nt!ObWaitForMultipleObjects+0x29c fffff880`17180980 fffff802`b3b02d53 : fffffa80`0414f080 00000070`480ef038 fffff880`17180be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17180bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17180c40) 00000070`480ef018 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80018d0b00 Cid 03f0.0c98 Teb: 000007f6fac1e000 Win32Thread: fffff901006fbb90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003fc1910 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 31963 Ticks: 15709165 (2:20:04:24.544) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801711edd0 Current fffff8801711e5f0 Base fffff8801711f000 Limit fffff88017119000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001ff0080 Cid 03f0.0f00 Teb: 000007f6fad83000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject IRP List: fffffa8001f542c0: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 1122 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160fbdd0 Current fffff880160fb760 Base fffff880160fc000 Limit fffff880160f6000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`160fb7a0 fffff802`b3b2d99c : 00000070`477ff502 00000000`00000000 fffffa80`018af1f0 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`160fb8e0 fffff802`b3b38ddb : fffff8a0`068e1cf0 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`160fb9a0 fffff802`b3ed0b6c : fffffa80`03862800 fffffa80`01ff0001 00000000`00000001 00000070`477ff700 : nt!KeRemoveQueueEx+0x26b fffff880`160fba50 fffff802`b3b434d5 : fffffa80`03862800 00000070`48d22cb0 fffff880`160fbb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`160fbae0 fffff802`b3b02d53 : 00000000`0000009c 00000070`48d22cb0 0000006f`00000010 00000070`477ff7c0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`160fbc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160fbc40) 00000070`477ff768 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800260da00 Cid 03f0.0da0 Teb: 000007f6fac3c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001822160 NotificationEvent fffffa8003648c60 SynchronizationEvent IRP List: fffffa80038d3b40: (0006,04c0) Flags: 00060900 Mdl: fffffa80038204b0 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679030 Ticks: 62098 (0:00:16:08.735) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feedec25b4 Stack Init fffff8801630add0 Current fffff8801630a180 Base fffff8801630b000 Limit fffff88016305000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1630a1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1630a300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1630a3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1630a540 fffffa80`03648c60 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1630a470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`039d8554 : nt!ObWaitForMultipleObjects+0x29c fffff880`1630a980 fffff802`b3b02d53 : fffffa80`0260da00 00000070`478ff408 fffff880`1630abe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1630abd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1630ac40) 00000070`478ff3e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80037dd700 Cid 03f0.0d48 Teb: 000007f6fac3a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800306a2b0 NotificationEvent fffffa8003e59ba0 SynchronizationEvent IRP List: fffffa8001fbe9f0: (0006,03e8) Flags: 00060900 Mdl: fffffa8003022330 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679030 Ticks: 62098 (0:00:16:08.735) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feedec25b4 Stack Init fffff880155c7dd0 Current fffff880155c7180 Base fffff880155c8000 Limit fffff880155c2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`155c71c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`155c7300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`155c73c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`155c7540 fffffa80`03e59ba0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`155c7470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`039d8554 : nt!ObWaitForMultipleObjects+0x29c fffff880`155c7980 fffff802`b3b02d53 : fffffa80`037dd700 00000070`4797f648 fffff880`155c7be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`155c7bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155c7c40) 00000070`4797f628 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003b02540 Cid 03f0.0ac4 Teb: 000007f6fac38000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8004129190 NotificationEvent fffffa800183e8e0 SynchronizationEvent IRP List: fffffa800413d9e0: (0006,03e8) Flags: 00060900 Mdl: fffffa8003250690 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679030 Ticks: 62098 (0:00:16:08.735) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feedec25b4 Stack Init fffff8801635edd0 Current fffff8801635e180 Base fffff8801635f000 Limit fffff88016359000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1635e1c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1635e300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1635e3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1635e540 fffffa80`0183e8e0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1635e470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`039d8554 : nt!ObWaitForMultipleObjects+0x29c fffff880`1635e980 fffff802`b3b02d53 : fffffa80`03b02540 00000070`479ff4a8 fffff880`1635ebe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1635ebd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1635ec40) 00000070`479ff488 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80036ca9c0 Cid 03f0.0e58 Teb: 000007f6fac4a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002f073f0 NotificationEvent fffffa8003e70460 NotificationEvent fffffa8001cd5720 NotificationEvent fffffa800262ab60 NotificationEvent fffffa80039b6180 NotificationEvent fffffa80027e1410 NotificationEvent fffffa8003b69c80 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef479820 Stack Init fffff88014ecadd0 Current fffff88014eca180 Base fffff88014ecb000 Limit fffff88014ec5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14eca1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14eca300 fffff802`b3b293cd : fffff880`14eca698 00000000`00000000 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`14eca3c0 fffff802`b3eca2ac : fffff880`00000007 fffff880`14eca540 fffffa80`03b69c80 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14eca470 fffff802`b3eca723 : 00000000`00000007 00000000`00000001 00000000`00000000 00000000`00000002 : nt!ObWaitForMultipleObjects+0x29c fffff880`14eca980 fffff802`b3b02d53 : fffffa80`036ca9c0 0000006f`4727f2e8 fffff880`14ecabe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14ecabd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14ecac40) 0000006f`4727f2c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003d9b080 Cid 03f0.0580 Teb: 000007f6fac52000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 270 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174cbdd0 Current fffff880174cb760 Base fffff880174cc000 Limit fffff880174c6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`174cb7a0 fffff802`b3b2d99c : fffff8a0`00afe030 00000000`00000000 00000000`00000001 00000000`fffeffff : nt!KiSwapContext+0x76 fffff880`174cb8e0 fffff802`b3b38ddb : 00000000`00000001 fffff802`b3e5dd97 00000000`00000000 fffff880`174cbb78 : nt!KiCommitThreadWait+0x23c fffff880`174cb9a0 fffff802`b3ed0b6c : fffffa80`03862800 fffffa80`03d9b001 00000000`00000001 0000006f`4707f600 : nt!KeRemoveQueueEx+0x26b fffff880`174cba50 fffff802`b3b434d5 : fffffa80`03862800 00000070`48d22910 fffff880`174cbb80 00000000`00000008 : nt!IoRemoveIoCompletion+0x4c fffff880`174cbae0 fffff802`b3b02d53 : 00000000`0000009c 00000070`48d22910 00000000`00000010 0000006f`4707f690 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`174cbc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174cbc40) 0000006f`4707f638 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa800392c540 SessionId: 0 Cid: 03b8 Peb: 7f6fb68f000 ParentCid: 0220 DirBase: 2fe18000 ObjectTable: fffff8a00277ad80 HandleCount: Image: svchost.exe THREAD fffffa800391a700 Cid 03b8.027c Teb: 000007f6fb68d000 Win32Thread: fffff90100671710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003931f50 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 185 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007f6fb7a26c0 Stack Init fffff88015527dd0 Current fffff88015527900 Base fffff88015528000 Limit fffff88015522000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15527940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`03931d30 000000c2`343d93f0 : nt!KiSwapContext+0x76 fffff880`15527a80 fffff802`b3b29c1f : fffff880`15527b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`15527b40 fffff802`b3ec9df6 : fffffa80`03931f50 fffff880`00000006 00000000`00000001 000000c2`76be4500 : nt!KeWaitForSingleObject+0x1cf fffff880`15527bd0 fffff802`b3b02d53 : fffffa80`0391a700 00000000`ffffffff 00000000`00000000 fffffa80`03931f50 : nt!NtWaitForSingleObject+0xb6 fffff880`15527c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15527c40) 000000c2`3429f828 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa800395b080 Cid 03b8.0264 Teb: 000007f6fb685000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039278c0 NotificationEvent fffffa800372eb58 NotificationEvent fffffa800391e4e0 SynchronizationEvent fffffa80038b04b0 SynchronizationEvent IRP List: fffffa8003938840: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740650 Ticks: 478 (0:00:00:07.456) Context Switch Count 18 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef0b338fc Stack Init fffff880154dadd0 Current fffff880154da180 Base fffff880154db000 Limit fffff880154d5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`154da1c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`154da300 fffff802`b3b293cd : fffff880`154da698 00000000`00000000 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`154da3c0 fffff802`b3eca2ac : fffffa80`00000004 fffff880`154da540 fffffa80`038b04b0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`154da470 fffff802`b3eca723 : 00000000`00000004 00000000`00000001 fffff880`154da9b0 fffff680`611a6bf8 : nt!ObWaitForMultipleObjects+0x29c fffff880`154da980 fffff802`b3b02d53 : fffffa80`0395b080 000000c2`34d7f798 fffff880`154dabe8 000000c2`34d7f7c0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`154dabd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154dac40) 000000c2`34d7f778 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800396a080 Cid 03b8.02ac Teb: 000007f6fb683000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003963650 NotificationEvent fffffa80039278c0 NotificationEvent IRP List: fffffa800360cc10: (0006,01f0) Flags: 00060030 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681374 Ticks: 59754 (0:00:15:32.168) Context Switch Count 196 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef0b34d90 Stack Init fffff880154fddd0 Current fffff880154fd180 Base fffff880154fe000 Limit fffff880154f8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`154fd1c0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 fffff880`00000000 fffff880`154fd570 : nt!KiSwapContext+0x76 fffff880`154fd300 fffff802`b3b293cd : fffff8a0`021e8060 00000000`00020019 00000000`00000000 fffff802`b3b46ae0 : nt!KiCommitThreadWait+0x23c fffff880`154fd3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`154fd540 fffffa80`039278c0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`154fd470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`154fd9b0 00000000`00000050 : nt!ObWaitForMultipleObjects+0x29c fffff880`154fd980 fffff802`b3b02d53 : fffffa80`0396a080 000000c2`34dff5b8 fffff880`154fdbe8 000000c2`34dff5e0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`154fdbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154fdc40) 000000c2`34dff598 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003963080 Cid 03b8.0274 Teb: 000007f6fb55e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393a0c0 NotificationEvent fffffa8003858f60 NotificationEvent fffffa8003858fe0 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679521 Ticks: 61607 (0:00:16:01.075) Context Switch Count 1728 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.062 Win32 Start Address 0x000007fef0b35720 Stack Init fffff88015565dd0 Current fffff88015565180 Base fffff88015566000 Limit fffff88015560000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`155651c0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000001 fffffa80`036d4ec0 : nt!KiSwapContext+0x76 fffff880`15565300 fffff802`b3b293cd : 00000000`00000000 fffffa80`036d4ec0 00000000`00000000 00000000`00000001 : nt!KiCommitThreadWait+0x23c fffff880`155653c0 fffff802`b3eca2ac : fffffa80`00000003 fffff880`15565540 fffffa80`03858fe0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15565470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`15565980 fffff802`b3b02d53 : fffffa80`03963080 000000c2`34e7fbb8 fffff880`15565be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15565bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15565c40) 000000c2`34e7fb98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800396ab00 Cid 03b8.03e8 Teb: 000007f6fb55c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003963e10 SynchronizationEvent fffffa800396a630 SynchronizationEvent fffffa80039636d0 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679799 Ticks: 61329 (0:00:15:56.738) Context Switch Count 1551 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address 0x000007fef0b3517c Stack Init fffff8801556cdd0 Current fffff8801556c180 Base fffff8801556d000 Limit fffff88015567000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1556c1c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1556c300 fffff802`b3b293cd : fffff880`1556c698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`1556c3c0 fffff802`b3eca2ac : fffffa80`00000003 fffff880`1556c540 fffffa80`039636d0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1556c470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 fffffa80`0184cda0 : nt!ObWaitForMultipleObjects+0x29c fffff880`1556c980 fffff802`b3b02d53 : fffffa80`0396ab00 000000c2`34eff698 fffff880`1556cbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1556cbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1556cc40) 000000c2`34eff678 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80030ae4c0 Cid 03b8.0534 Teb: 000007f6fb552000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa800308c800 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10599 Ticks: 15730529 (2:20:09:57.825) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef737a10 Stack Init fffff88014f48dd0 Current fffff88014f487a0 Base fffff88014f49000 Limit fffff88014f43000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b1eb00 Cid 03b8.0540 Teb: 000007f6fb550000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800308c200 QueueObject IRP List: fffffa8001fd9010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001d28010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003046010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003ddec10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736475 Ticks: 4653 (0:00:01:12.587) Context Switch Count 89 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f56dd0 Current fffff88014f56760 Base fffff88014f57000 Limit fffff88014f51000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14f567a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 fffffa80`01fd9010 : nt!KiSwapContext+0x76 fffff880`14f568e0 fffff802`b3b38ddb : fffffa80`01c70000 fffffa80`00000103 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`14f569a0 fffff802`b3ed0b6c : fffffa80`0308c200 fffffa80`03b1eb01 00000000`00000001 000000c2`3537f800 : nt!KeRemoveQueueEx+0x26b fffff880`14f56a50 fffff802`b3b434d5 : fffffa80`0308c200 000000c2`343f9830 fffff880`14f56b80 00000000`7ffe0301 : nt!IoRemoveIoCompletion+0x4c fffff880`14f56ae0 fffff802`b3b02d53 : 00000000`000002fc 000000c2`343f9830 fffff880`00000010 000000c2`3537f800 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14f56c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f56c40) 000000c2`3537f7a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003b64080 Cid 03b8.05ac Teb: 000007f6fb554000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039a43e0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11019 Ticks: 15730109 (2:20:09:51.273) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff88014ff0dd0 Current fffff88014ff0900 Base fffff88014ff1000 Limit fffff88014feb000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b92980 Cid 03b8.05b0 Teb: 000007f6fb548000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003b78c40 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10790 Ticks: 15730338 (2:20:09:54.845) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff88014ff7dd0 Current fffff88014ff77a0 Base fffff88014ff8000 Limit fffff88014ff2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bbeb00 Cid 03b8.05fc Teb: 000007f6fb546000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bbbc70 SynchronizationEvent fffffa8003ba72a0 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736071 Ticks: 5057 (0:00:01:18.889) Context Switch Count 11454 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.187 Win32 Start Address 0x000007feef60adf0 Stack Init fffff88014fbfdd0 Current fffff88014fbf180 Base fffff88014fc0000 Limit fffff88014fba000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14fbf1c0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 fffff880`00000001 fffff880`009e6100 : nt!KiSwapContext+0x76 fffff880`14fbf300 fffff802`b3b293cd : fffff880`14fbf698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`14fbf3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`14fbf540 fffffa80`03ba72a0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14fbf470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3e5beb9 : nt!ObWaitForMultipleObjects+0x29c fffff880`14fbf980 fffff802`b3b02d53 : fffffa80`03bbeb00 000000c2`76dcf918 fffff880`14fbfbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14fbfbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14fbfc40) 000000c2`76dcf8f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003be8080 Cid 03b8.060c Teb: 000007f6fb540000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741031 Ticks: 97 (0:00:00:01.513) Context Switch Count 11308 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.187 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e06dd0 Current fffff88015e06760 Base fffff88015e07000 Limit fffff88015e01000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15e067a0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 fffffa80`00000001 00000000`00000230 : nt!KiSwapContext+0x76 fffff880`15e068e0 fffff802`b3b38ddb : fffff8a0`067b4380 fffff802`b3cf72ba 00000000`00000000 fffff880`15e06a10 : nt!KiCommitThreadWait+0x23c fffff880`15e069a0 fffff802`b3ed0b6c : fffffa80`03919780 fffffa80`03be8001 00000000`00000001 000000c2`7704fb00 : nt!KeRemoveQueueEx+0x26b fffff880`15e06a50 fffff802`b3b434d5 : fffffa80`03919780 000000c2`3443deb0 fffff880`15e06b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15e06ae0 fffff802`b3b02d53 : 00000000`000000a0 000000c2`3443deb0 fffff880`00000010 000000c2`7704fbd0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15e06c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e06c40) 000000c2`7704fb78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003d9ba80 Cid 03b8.064c Teb: 000007f6fb53a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003d8dfe0 SynchronizationEvent fffffa8003675c80 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11379 Ticks: 15729749 (2:20:09:45.657) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e45dd0 Current fffff88015e45180 Base fffff88015e46000 Limit fffff88015e40000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e13700 Cid 03b8.06bc Teb: 000007f6fb538000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8003e13aa8 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a00218c030 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13514 Ticks: 15727614 (2:20:09:12.350) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feeef05c38 Stack Init fffff8801619cdd0 Current fffff8801619c660 Base fffff8801619d000 Limit fffff88016197000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e94b00 Cid 03b8.0ee0 Teb: 000007f6fb558000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject IRP List: fffffa800404faa0: (0006,0118) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738611 Ticks: 2517 (0:00:00:39.265) Context Switch Count 4783 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.078 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ec3dd0 Current fffff88015ec3760 Base fffff88015ec4000 Limit fffff88015ebe000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15ec37a0 fffff802`b3b2d99c : fffff880`15ec3908 00000000`00000000 fffffa80`01812d80 fffffa80`0210e550 : nt!KiSwapContext+0x76 fffff880`15ec38e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00120002 00000000`00000000 fffff880`15ec3cc0 : nt!KiCommitThreadWait+0x23c fffff880`15ec39a0 fffff802`b3ed0b6c : fffffa80`03919780 fffffa80`03e94b01 00000000`00000001 000000c2`002ff900 : nt!KeRemoveQueueEx+0x26b fffff880`15ec3a50 fffff802`b3b434d5 : fffffa80`03919780 000000c2`76cc87e0 fffff880`15ec3b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15ec3ae0 fffff802`b3b02d53 : 00000000`000000a0 000000c2`76cc87e0 fffff880`00000010 000000c2`002ff980 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15ec3c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15ec3c40) 000000c2`002ff928 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003dcf940 Cid 03b8.0ec0 Teb: 000007f6fb556000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject IRP List: fffffa8003f9f730: (0006,0118) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736646 Ticks: 4482 (0:00:01:09.919) Context Switch Count 1442 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ee6dd0 Current fffff88015ee6760 Base fffff88015ee7000 Limit fffff88015ee1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15ee67a0 fffff802`b3b2d99c : fffff880`15ee6908 00000000`00000000 fffffa80`01812d80 fffffa80`02d7d400 : nt!KiSwapContext+0x76 fffff880`15ee68e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00120002 00000000`00000000 fffff880`15ee6cc0 : nt!KiCommitThreadWait+0x23c fffff880`15ee69a0 fffff802`b3ed0b6c : fffffa80`03919780 fffffa80`03dcf901 00000000`00000001 000000c2`0037f800 : nt!KeRemoveQueueEx+0x26b fffff880`15ee6a50 fffff802`b3b434d5 : fffffa80`03919780 000000c2`76cc8b80 fffff880`15ee6b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15ee6ae0 fffff802`b3b02d53 : 00000000`000000a0 000000c2`76cc8b80 fffff880`00000010 000000c2`0037f8f0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15ee6c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15ee6c40) 000000c2`0037f898 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001d7e080 Cid 03b8.0e10 Teb: 000007f6fb544000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject IRP List: fffffa8002142120: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736067 Ticks: 5061 (0:00:01:18.952) Context Switch Count 4965 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.078 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016205dd0 Current fffff88016205760 Base fffff88016206000 Limit fffff88016200000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`162057a0 fffff802`b3b2d99c : fffff8a0`02c8dc40 00000000`00000000 fffff8a0`02c8dc40 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`162058e0 fffff802`b3b38ddb : 00000000`00000003 00000000`00000000 00000000`00000000 00000000`00000070 : nt!KiCommitThreadWait+0x23c fffff880`162059a0 fffff802`b3ed0b6c : fffffa80`03919780 fffffa80`01d7e001 00000000`00000001 000000c2`0059fd00 : nt!KeRemoveQueueEx+0x26b fffff880`16205a50 fffff802`b3b434d5 : fffffa80`03919780 000000c2`76c5ea20 fffff880`16205b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`16205ae0 fffff802`b3b02d53 : 00000000`000000a0 000000c2`76c5ea20 00000000`00000010 000000c2`0059fd10 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16205c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16205c40) 000000c2`0059fcb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80037f5780 Cid 03b8.0cd4 Teb: 000007f6fb542000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f7b060 NotificationEvent fffffa80027a8780 NotificationEvent fffffa8003f762e0 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679467 Ticks: 61661 (0:00:16:01.917) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef0b35850 Stack Init fffff880164afdd0 Current fffff880164af180 Base fffff880164b0000 Limit fffff880164aa000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`164af1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`164af300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`164af3c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`164af540 fffffa80`03f762e0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`164af470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 00000000`00000001 : nt!ObWaitForMultipleObjects+0x29c fffff880`164af980 fffff802`b3b02d53 : fffffa80`037f5780 000000c2`0061f718 fffff880`164afbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`164afbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164afc40) 000000c2`0061f6f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001cc5080 Cid 03b8.0eb4 Teb: 000007f6fb689000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738862 Ticks: 2266 (0:00:00:35.349) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015180dd0 Current fffff88015180760 Base fffff88015181000 Limit fffff8801517b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`151807a0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 fffffa80`00000001 fffffa80`01890b00 : nt!KiSwapContext+0x76 fffff880`151808e0 fffff802`b3b38ddb : fffffa80`02d95800 ffffffff`ffffffff 00000000`00000000 00000000`00000204 : nt!KiCommitThreadWait+0x23c fffff880`151809a0 fffff802`b3ed0b6c : fffffa80`03919780 fffffa80`01cc5001 00000000`00000001 000000c2`0047fb00 : nt!KeRemoveQueueEx+0x26b fffff880`15180a50 fffff802`b3b434d5 : fffffa80`03919780 000000c2`76c5edc0 fffff880`15180b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15180ae0 fffff802`b3b02d53 : 00000000`000000a0 000000c2`76c5edc0 fffff880`00000010 000000c2`0047fb80 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15180c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15180c40) 000000c2`0047fb28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8003b50480 SessionId: 0 Cid: 04c8 Peb: 7f7cf335000 ParentCid: 0220 DirBase: 3b055000 ObjectTable: fffff8a001f01980 HandleCount: Image: spoolsv.exe THREAD fffffa8003031800 Cid 04c8.04cc Teb: 000007f7cf33e000 Win32Thread: fffff90100679b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003037340 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f7cfbce6e0 Stack Init fffff88014ea7dd0 Current fffff88014ea7900 Base fffff88014ea8000 Limit fffff88014ea2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14ea7940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`030444c0 00000000`0076dac0 : nt!KiSwapContext+0x76 fffff880`14ea7a80 fffff802`b3b29c1f : fffff880`14ea7b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`14ea7b40 fffff802`b3ec9df6 : fffffa80`03037340 fffff880`00000006 00000000`00000001 00000000`00772500 : nt!KeWaitForSingleObject+0x1cf fffff880`14ea7bd0 fffff802`b3b02d53 : fffffa80`03031800 00000000`ffffffff 00000000`00000000 fffffa80`03037340 : nt!NtWaitForSingleObject+0xb6 fffff880`14ea7c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14ea7c40) 00000000`005bf508 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003056b00 Cid 04c8.04d8 Teb: 000007f7cf338000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b55c60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 10343 Ticks: 15730785 (2:20:10:01.818) Context Switch Count 51 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014ebcdd0 Current fffff88014ebc900 Base fffff88014ebd000 Limit fffff88014eb7000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800305d5c0 Cid 04c8.04e0 Teb: 000007f7cf333000 Win32Thread: fffff901006d9710 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039f84c0 SynchronizationEvent fffffa800399ab00 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18582 Ticks: 15722546 (2:20:07:53.289) Context Switch Count 172 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.078 Win32 Start Address 0x000007f7cfbc4e00 Stack Init fffff88014ec3dd0 Current fffff88014ec3180 Base fffff88014ec4000 Limit fffff88014ebe000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800269c700 Cid 04c8.0b34 Teb: 000007f7cf20e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001892de0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18364 Ticks: 15722764 (2:20:07:56.690) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feec2654c0 Stack Init fffff88015512dd0 Current fffff88015512900 Base fffff88015513000 Limit fffff8801550d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002692080 Cid 04c8.0b4c Teb: 000007f7cf20c000 Win32Thread: fffff901006d9290 WAIT: (UserRequest) UserMode Non-Alertable fffffa800399ab80 SynchronizationEvent fffffa80039a16a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 15693645 Ticks: 47483 (0:00:12:20.739) Context Switch Count 188 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007feeaa430ec Stack Init fffff8801516bdd0 Current fffff8801516b180 Base fffff8801516c000 Limit fffff88015166000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1516b1c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff802`00000000 fffff802`b3cf875e : nt!KiSwapContext+0x76 fffff880`1516b300 fffff802`b3b293cd : fffffa80`02692080 fffff802`b3b62286 00000000`00000000 fffffa80`03b50480 : nt!KiCommitThreadWait+0x23c fffff880`1516b3c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`1516b540 fffffa80`039a16a0 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1516b470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3b2d9db : nt!ObWaitForMultipleObjects+0x29c fffff880`1516b980 fffff802`b3b02d53 : fffffa80`02692080 00000000`0126f8e8 fffff880`1516bbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1516bbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1516bc40) 00000000`0126f8c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002772080 Cid 04c8.0b54 Teb: 000007f7cf208000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800371d320 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18614 Ticks: 15722514 (2:20:07:52.790) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feeab85798 Stack Init fffff88003da1dd0 Current fffff88003da1900 Base fffff88003da2000 Limit fffff88003d9c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002767400 Cid 04c8.0b58 Teb: 000007f7cf206000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002f29850 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 19667 Ticks: 15721461 (2:20:07:36.363) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feeabce168 Stack Init fffff880160f4dd0 Current fffff880160f4900 Base fffff880160f5000 Limit fffff880160ef000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800276f080 Cid 04c8.0b7c Teb: 000007f7cf1fe000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038e98c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18481 Ticks: 15722647 (2:20:07:54.865) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015534dd0 Current fffff88015534760 Base fffff88015535000 Limit fffff8801552f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002683080 Cid 04c8.05d8 Teb: 000007f7cf204000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038c6a40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 21055 Ticks: 15720073 (2:20:07:14.710) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155b9dd0 Current fffff880155b9760 Base fffff880155ba000 Limit fffff880155b4000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002d65b00 Cid 04c8.0b10 Teb: 000007f7cf33c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003046d80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 15728134 Ticks: 12994 (0:00:03:22.707) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173e2dd0 Current fffff880173e2760 Base fffff880173e3000 Limit fffff880173dd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`173e27a0 fffff802`b3b2d99c : 00000000`00010000 00000000`00000000 00000000`00010000 fffff802`b3e6acf2 : nt!KiSwapContext+0x76 fffff880`173e28e0 fffff802`b3b38ddb : 00000000`0000067c 00000000`00000000 00000000`00000000 fffff880`00000000 : nt!KiCommitThreadWait+0x23c fffff880`173e29a0 fffff802`b3ed0b6c : fffffa80`03046d80 fffffa80`02d65b01 00000000`00000001 00000000`00befc00 : nt!KeRemoveQueueEx+0x26b fffff880`173e2a50 fffff802`b3b434d5 : fffffa80`03046d80 00000000`007dab00 fffff880`173e2b80 00000000`ffffffff : nt!IoRemoveIoCompletion+0x4c fffff880`173e2ae0 fffff802`b3b02d53 : 00000000`0000007c 00000000`007dab00 00000000`00000010 00000000`00befc30 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`173e2c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173e2c40) 00000000`00befbd8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa800305c740 SessionId: 0 Cid: 04e4 Peb: 7f6fb17c000 ParentCid: 0220 DirBase: 3b3c6000 ObjectTable: fffff8a007e52800 HandleCount: Image: svchost.exe THREAD fffffa8003007700 Cid 04e4.04e8 Teb: 000007f6fb17e000 Win32Thread: fffff9010067fb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b26060 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679320 Ticks: 61808 (0:00:16:04.210) Context Switch Count 47 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007f6fb7a26c0 Stack Init fffff88014ed8dd0 Current fffff88014ed8900 Base fffff88014ed9000 Limit fffff88014ed3000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14ed8940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`03069a40 0000006f`51097910 : nt!KiSwapContext+0x76 fffff880`14ed8a80 fffff802`b3b29c1f : fffff880`14ed8b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`14ed8b40 fffff802`b3ec9df6 : fffffa80`03b26060 fffff880`00000006 00000000`00000001 0000006f`52997300 : nt!KeWaitForSingleObject+0x1cf fffff880`14ed8bd0 fffff802`b3b02d53 : fffffa80`03007700 00000000`ffffffff 00000000`00000000 fffffa80`03b26060 : nt!NtWaitForSingleObject+0xb6 fffff880`14ed8c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14ed8c40) 0000006f`50f6f5d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa800379fb00 Cid 04e4.04fc Teb: 000007f6fb174000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037eb480 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10504 Ticks: 15730624 (2:20:09:59.307) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address (0x000007fef4113c90) Stack Init fffff88014eeddd0 Current fffff88014eed900 Base fffff88014eee000 Limit fffff88014ee8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003086b00 Cid 04e4.0500 Teb: 000007f6fb04e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80019f1d00 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10510 Ticks: 15730618 (2:20:09:59.213) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address (0x000007fef4113c90) Stack Init fffff88014ef4dd0 Current fffff88014ef4900 Base fffff88014ef5000 Limit fffff88014eef000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80030a5080 Cid 04e4.050c Teb: 000007f6fb04c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800309e180 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 269 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address (0x000007fef4113c90) Stack Init fffff88014f02dd0 Current fffff88014f02900 Base fffff88014f03000 Limit fffff88014efd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14f02940 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`03074070 00000000`00001000 : nt!KiSwapContext+0x76 fffff880`14f02a80 fffff802`b3b29c1f : d400184f`0687fee9 0000000c`001f0003 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`14f02b40 fffff802`b3ec9df6 : fffffa80`0309e180 fffff880`00000006 00000000`00000001 fffff802`b3ed0e00 : nt!KeWaitForSingleObject+0x1cf fffff880`14f02bd0 fffff802`b3b02d53 : fffffa80`030a5080 00000000`ffffffff 00000000`00000000 fffffa80`0309e180 : nt!NtWaitForSingleObject+0xb6 fffff880`14f02c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f02c40) 0000006f`51d1fce8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003009b00 Cid 04e4.0518 Teb: 000007f6fb048000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80030a27d0 SynchronizationEvent fffffa8001cd23f0 NotificationEvent fffffa8003b558f0 NotificationEvent fffffa8001cd22f0 NotificationEvent fffffa80030b4fe0 NotificationEvent IRP List: fffffa800266bdf0: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8002ea3820: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f9c580: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003e71ae0: (0006,0118) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727956 Ticks: 13172 (0:00:03:25.484) Context Switch Count 238 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address 0x000007feef77c5b0 Stack Init fffff88014f10dd0 Current fffff88014f10180 Base fffff88014f11000 Limit fffff88014f0b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14f101c0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14f10300 fffff802`b3b293cd : fffffa80`01dff010 fffffa80`03009f18 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`14f103c0 fffff802`b3eca2ac : fffff880`00000005 fffff880`14f10540 fffffa80`030b4fe0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14f10470 fffff802`b3eca723 : 00000000`00000005 00000000`00000001 00000000`00000000 fffff880`15bb137f : nt!ObWaitForMultipleObjects+0x29c fffff880`14f10980 fffff802`b3b02d53 : fffffa80`03009b00 0000006f`51e4f788 fffff880`14f10be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14f10bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f10c40) 0000006f`51e4f768 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80030a4080 Cid 04e4.0524 Teb: 000007f6fb044000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b566f0 SynchronizationEvent fffffa8003082470 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736866 Ticks: 4262 (0:00:01:06.487) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef8a2b3c Stack Init fffff88014f25dd0 Current fffff88014f25180 Base fffff88014f26000 Limit fffff88014f20000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14f251c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14f25300 fffff802`b3b293cd : 00000000`00000000 00000000`00000001 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`14f253c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`14f25540 fffffa80`03082470 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14f25470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000dec`00000001 : nt!ObWaitForMultipleObjects+0x29c fffff880`14f25980 fffff802`b3b02d53 : fffffa80`030a4080 0000006f`51f4fa58 fffff880`14f25be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14f25bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f25c40) 0000006f`51f4fa38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80030bf7c0 Cid 04e4.0528 Teb: 000007f6fb042000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800309c880 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679399 Ticks: 61729 (0:00:16:02.978) Context Switch Count 89 IdealProcessor: 0 UserTime 00:00:00.187 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f3add0 Current fffff88014f3a760 Base fffff88014f3b000 Limit fffff88014f35000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14f3a7a0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff802`00000001 fffff8a0`01eeeb20 : nt!KiSwapContext+0x76 fffff880`14f3a8e0 fffff802`b3b38ddb : fffff8a0`01eeeb20 fffff880`14f3acc0 00000000`00000000 fffff802`b3ec9d35 : nt!KiCommitThreadWait+0x23c fffff880`14f3a9a0 fffff802`b3ed0b6c : fffffa80`0309c880 fffffa80`030bf701 00000000`00000001 0000006f`51fcfb00 : nt!KeRemoveQueueEx+0x26b fffff880`14f3aa50 fffff802`b3b434d5 : fffffa80`0309c880 0000006f`510fe640 fffff880`14f3ab80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`14f3aae0 fffff802`b3b02d53 : 00000000`000002a0 0000006f`510fe640 fffff880`00000010 0000006f`51fcfbb0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14f3ac40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f3ac40) 0000006f`51fcfb58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003b1e080 Cid 04e4.054c Teb: 000007f6fb03e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b63900 SynchronizationEvent fffffa8003b621a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739548 Ticks: 1580 (0:00:00:24.648) Context Switch Count 513 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014f64dd0 Current fffff88014f64180 Base fffff88014f65000 Limit fffff88014f5f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14f641c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 fffffa80`00000005 : nt!KiSwapContext+0x76 fffff880`14f64300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`14f643c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`14f64540 fffffa80`03b621a0 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14f64470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`03f02640 : nt!ObWaitForMultipleObjects+0x29c fffff880`14f64980 fffff802`b3b02d53 : fffffa80`03b1e080 0000006f`520cf168 fffff880`14f64be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14f64bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f64c40) 0000006f`520cf148 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003b27080 Cid 04e4.0550 Teb: 000007f6fb03c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80030ae430 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679709 Ticks: 61419 (0:00:15:58.142) Context Switch Count 2557 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address 0x000007feef7888e0 Stack Init fffff88014f6bdd0 Current fffff88014f6b900 Base fffff88014f6c000 Limit fffff88014f66000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14f6b940 fffff802`b3b2d99c : ffff7cad`00000001 00000000`00000000 fffff880`00000001 fffff802`b3ae988f : nt!KiSwapContext+0x76 fffff880`14f6ba80 fffff802`b3b29c1f : d4001850`2087ffd9 0000000c`001f0003 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`14f6bb40 fffff802`b3ec9df6 : fffffa80`030ae430 fffff880`00000006 00000000`00000001 fffff802`b3ed0e00 : nt!KeWaitForSingleObject+0x1cf fffff880`14f6bbd0 fffff802`b3b02d53 : fffffa80`03b27080 00000000`ffffffff 00000000`00000000 fffffa80`030ae430 : nt!NtWaitForSingleObject+0xb6 fffff880`14f6bc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f6bc40) 0000006f`5214f9e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003b25080 Cid 04e4.0554 Teb: 000007f6fb03a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003b27890 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13505 Ticks: 15727623 (2:20:09:12.491) Context Switch Count 62 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef7a5230 Stack Init fffff88014f72dd0 Current fffff88014f72900 Base fffff88014f73000 Limit fffff88014f6d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b25b00 Cid 04e4.0558 Teb: 000007f6fb038000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b27700 SynchronizationEvent fffffa8003b27780 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680160 Ticks: 60968 (0:00:15:51.106) Context Switch Count 18 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef788570 Stack Init fffff88014f79dd0 Current fffff88014f79180 Base fffff88014f7a000 Limit fffff88014f74000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14f791c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14f79300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`14f793c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`14f79540 fffffa80`03b27780 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14f79470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000001 : nt!ObWaitForMultipleObjects+0x29c fffff880`14f79980 fffff802`b3b02d53 : fffffa80`03b25b00 0000006f`5224f598 fffff880`14f79be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14f79bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f79c40) 0000006f`5224f578 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003b23b00 Cid 04e4.0570 Teb: 000007f6fb034000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b677d0 NotificationEvent fffffa8003b70a50 SynchronizationEvent fffffa8003b709d0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15719355 Ticks: 21773 (0:00:05:39.660) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef6631a0 Stack Init fffff88014fa3dd0 Current fffff88014fa3180 Base fffff88014fa4000 Limit fffff88014f9e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14fa31c0 fffff802`b3b2d99c : fffff880`14fa3502 00000000`00000000 00000000`00000000 fffff880`14fa33e0 : nt!KiSwapContext+0x76 fffff880`14fa3300 fffff802`b3b293cd : fffff880`00010000 fffff8a0`003da000 00000000`00000000 fffffa80`02e5e440 : nt!KiCommitThreadWait+0x23c fffff880`14fa33c0 fffff802`b3eca2ac : fffffa80`00000003 fffff880`14fa3540 fffffa80`03b709d0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14fa3470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 fffff880`14fa39b0 fffff880`015172e9 : nt!ObWaitForMultipleObjects+0x29c fffff880`14fa3980 fffff802`b3b02d53 : fffffa80`03b23b00 0000006f`5236fab8 fffff880`14fa3be8 0000006f`5236fae0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14fa3bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14fa3c40) 0000006f`5236fa98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80030b1700 Cid 04e4.0768 Teb: 000007f6fb036000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ea15a0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12536 Ticks: 15728592 (2:20:09:27.607) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef669c68 Stack Init fffff88015faadd0 Current fffff88015faa900 Base fffff88015fab000 Limit fffff88015fa5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f38080 Cid 04e4.06a4 Teb: 000007f6fb026000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f196b0 NotificationEvent fffffa8003f2ae60 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15691573 Ticks: 49555 (0:00:12:53.062) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feebc424e8 Stack Init fffff88016092dd0 Current fffff88016092180 Base fffff88016093000 Limit fffff8801608d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`160921c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`16092300 fffff802`b3b293cd : fffff880`16092698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`160923c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`16092540 fffffa80`03f2ae60 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16092470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000002 : nt!ObWaitForMultipleObjects+0x29c fffff880`16092980 fffff802`b3b02d53 : fffffa80`03f38080 0000006f`52e8f548 fffff880`16092be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16092bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16092c40) 0000006f`52e8f528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003e2db00 Cid 04e4.0754 Teb: 000007f6fb024000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e202d0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13514 Ticks: 15727614 (2:20:09:12.350) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feebc11544 Stack Init fffff880161bfdd0 Current fffff880161bf900 Base fffff880161c0000 Limit fffff880161ba000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f3c080 Cid 04e4.0770 Teb: 000007f6fb022000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003da61a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679073 Ticks: 62055 (0:00:16:08.064) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feebbf55dc Stack Init fffff880161c6dd0 Current fffff880161c6900 Base fffff880161c7000 Limit fffff880161c1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`161c6940 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff880`00000001 fffff880`161c6ac0 : nt!KiSwapContext+0x76 fffff880`161c6a80 fffff802`b3b29c1f : d4001ed3`0b87ffe5 0000000c`001f0003 00000000`00000000 00000000`00000001 : nt!KiCommitThreadWait+0x23c fffff880`161c6b40 fffff802`b3ec9df6 : fffffa80`03da61a0 fffffa80`00000006 00000000`00000001 fffff802`b3ed0e00 : nt!KeWaitForSingleObject+0x1cf fffff880`161c6bd0 fffff802`b3b02d53 : fffffa80`03f3c080 00000000`ffffffff 00000000`00000000 fffffa80`03da61a0 : nt!NtWaitForSingleObject+0xb6 fffff880`161c6c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161c6c40) 0000006f`52f8fb58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001c0b080 Cid 04e4.0198 Teb: 000007f6fb04a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003956ca0 NotificationEvent fffffa80017fbad0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 27182 Ticks: 15713946 (2:20:05:39.128) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef0014910 Stack Init fffff880164fcdd0 Current fffff880164fc180 Base fffff880164fd000 Limit fffff880164f7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cd7080 Cid 04e4.0dfc Teb: 000007f6fb17a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c82890 NotificationEvent fffffa8004069060 NotificationTimer fffffa80041feac0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738529 Ticks: 2599 (0:00:00:40.544) Context Switch Count 352 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef0011044 Stack Init fffff8801736add0 Current fffff8801736a180 Base fffff8801736b000 Limit fffff88017365000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1736a1c0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 fffff700`00000001 fffff6fb`7dbedf70 : nt!KiSwapContext+0x76 fffff880`1736a300 fffff802`b3b293cd : fffff680`37801010 fffffa80`011d99f0 00000000`00000000 fffff700`01080000 : nt!KiCommitThreadWait+0x23c fffff880`1736a3c0 fffff802`b3eca2ac : 00000000`00000003 fffff880`1736a540 fffffa80`041feac0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1736a470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`1736a980 fffff802`b3b02d53 : fffffa80`01cd7080 0000006f`5167fc18 fffff880`1736abe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1736abd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1736ac40) 0000006f`5167fbf8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800211a5c0 Cid 04e4.0d24 Teb: 000007f6fb176000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741106 Ticks: 22 (0:00:00:00.343) Context Switch Count 1087 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015061dd0 Current fffff88015061760 Base fffff88015062000 Limit fffff8801505c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`150617a0 fffff802`b3b2d99c : fffff8a0`00000001 00000000`00000000 00000000`00000000 00000000`ffff0000 : nt!KiSwapContext+0x76 fffff880`150618e0 fffff802`b3b38ddb : fffffa80`03745090 fffff802`b3e8eae7 00000000`00000000 fffff880`15061a60 : nt!KiCommitThreadWait+0x23c fffff880`150619a0 fffff802`b3ed0b6c : fffffa80`0397da80 fffffa80`0211a501 00000000`00000001 0000006f`0007fb00 : nt!KeRemoveQueueEx+0x26b fffff880`15061a50 fffff802`b3b434d5 : fffffa80`0397da80 0000006f`529f1190 fffff880`15061b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`15061ae0 fffff802`b3b02d53 : 00000000`00000040 0000006f`529f1190 0000006f`00000010 0000006f`0007fb60 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15061c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15061c40) 0000006f`0007fb08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003e91080 Cid 04e4.0f5c Teb: 000007f6fb178000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740464 Ticks: 664 (0:00:00:10.358) Context Switch Count 942 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014ee6dd0 Current fffff88014ee6760 Base fffff88014ee7000 Limit fffff88014ee1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14ee67a0 fffff802`b3b2d99c : fffff8a0`067d5770 00000000`00000000 00000000`00000001 00000000`ffff0000 : nt!KiSwapContext+0x76 fffff880`14ee68e0 fffff802`b3b38ddb : fffffa80`039408e0 fffff802`b3e8eae7 00000000`00000000 fffff880`14ee6a60 : nt!KiCommitThreadWait+0x23c fffff880`14ee69a0 fffff802`b3ed0b6c : fffffa80`0397da80 fffffa80`03e91001 00000000`00000001 0000006f`001ff600 : nt!KeRemoveQueueEx+0x26b fffff880`14ee6a50 fffff802`b3b434d5 : fffffa80`0397da80 0000006f`529f23b0 fffff880`14ee6b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`14ee6ae0 fffff802`b3b02d53 : 00000000`00000040 0000006f`529f23b0 0000006f`00000010 0000006f`001ff680 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14ee6c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14ee6c40) 0000006f`001ff628 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80018d4780 Cid 04e4.0a58 Teb: 000007f6fb040000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741106 Ticks: 22 (0:00:00:00.343) Context Switch Count 300 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017117dd0 Current fffff88017117760 Base fffff88017118000 Limit fffff88017112000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`171177a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000001 fffff880`17117aa8 : nt!KiSwapContext+0x76 fffff880`171178e0 fffff802`b3b38ddb : 00000000`e0000000 fffff880`17117a70 00000000`00000000 0000006f`52978f18 : nt!KiCommitThreadWait+0x23c fffff880`171179a0 fffff802`b3ed0b6c : fffffa80`0397da80 fffffa80`018d4701 00000000`00000001 0000006f`0017fc00 : nt!KeRemoveQueueEx+0x26b fffff880`17117a50 fffff802`b3b434d5 : fffffa80`0397da80 0000006f`529f2750 fffff880`17117b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`17117ae0 fffff802`b3b02d53 : 00000000`00000040 0000006f`529f2750 00000000`00000010 0000006f`0017fcc0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17117c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17117c40) 0000006f`0017fc68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800307db00 Cid 04e4.012c Teb: 000007f6fb046000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017125dd0 Current fffff88017125760 Base fffff88017126000 Limit fffff88017120000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`171257a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff6fc`400b7f08 fffff802`b3b4efb1 : nt!KiSwapContext+0x76 fffff880`171258e0 fffff802`b3b38ddb : fffffa80`0397da80 fffff802`b3b4c9fd 00000000`00000000 00000000`00000266 : nt!KiCommitThreadWait+0x23c fffff880`171259a0 fffff802`b3ed0b6c : fffffa80`0397da80 fffffa80`0307db01 00000000`00000001 0000006f`000ffc00 : nt!KeRemoveQueueEx+0x26b fffff880`17125a50 fffff802`b3b434d5 : fffffa80`0397da80 0000006f`529f2af0 fffff880`17125b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`17125ae0 fffff802`b3b02d53 : 00000000`00000040 0000006f`529f2af0 0000006f`00000010 0000006f`000ffc40 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17125c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17125c40) 0000006f`000ffbe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa80039a9940 SessionId: 0 Cid: 0598 Peb: 7f680503000 ParentCid: 0220 DirBase: 3e8d9000 ObjectTable: fffff8a002749980 HandleCount: Image: MsMpEng.exe THREAD fffffa8003b8bb00 Cid 0598.059c Teb: 000007f68050e000 Win32Thread: fffff90100685290 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ba4060 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 70 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address 0x000007f680bf10d8 Stack Init fffff880155c0dd0 Current fffff880155c0900 Base fffff880155c1000 Limit fffff880155bb000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`155c0940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`03ba7d50 00000071`da484a00 : nt!KiSwapContext+0x76 fffff880`155c0a80 fffff802`b3b29c1f : fffff880`155c0b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`155c0b40 fffff802`b3ec9df6 : fffffa80`03ba4060 fffff880`00000006 00000000`00000001 00000071`da488400 : nt!KeWaitForSingleObject+0x1cf fffff880`155c0bd0 fffff802`b3b02d53 : fffffa80`03b8bb00 00000000`ffffffff 00000000`00000000 fffffa80`03ba4060 : nt!NtWaitForSingleObject+0xb6 fffff880`155c0c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155c0c40) 00000071`da3df558 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa800302eb00 Cid 0598.05c0 Teb: 000007f68050c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject IRP List: fffffa8003bcc6c0: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15736406 Ticks: 4722 (0:00:01:13.663) Context Switch Count 1304 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e76dd0 Current fffff88014e76760 Base fffff88014e77000 Limit fffff88014e71000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14e767a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 fffff680`38f37500 : nt!KiSwapContext+0x76 fffff880`14e768e0 fffff802`b3b38ddb : 00000000`00000000 fffff880`14e76bc8 00000000`00000000 fffff802`b3b4dca1 : nt!KiCommitThreadWait+0x23c fffff880`14e769a0 fffff802`b3ed0b6c : fffffa80`03b81d80 fffffa80`0302eb01 00000000`00000001 00000071`daabfc00 : nt!KeRemoveQueueEx+0x26b fffff880`14e76a50 fffff802`b3b434d5 : fffffa80`03b81d80 00000071`da487340 fffff880`14e76b80 fffffa80`03b8f810 : nt!IoRemoveIoCompletion+0x4c fffff880`14e76ae0 fffff802`b3b02d53 : 00000000`000000cc 00000071`da487340 00000000`00000010 00000071`daabfc00 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14e76c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e76c40) 00000071`daabfba8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003be8b00 Cid 0598.0618 Teb: 000007f680506000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003ba9380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15722723 Ticks: 18405 (0:00:04:47.119) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e14dd0 Current fffff88015e14760 Base fffff88015e15000 Limit fffff88015e0f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15e147a0 fffff802`b3b2d99c : fffffa80`03be8b00 00000000`00000000 fffff802`b3eedd60 fffff8a0`01f242a0 : nt!KiSwapContext+0x76 fffff880`15e148e0 fffff802`b3b38ddb : fffff8a0`02d48d90 fffff880`15e14cc0 00000000`00000000 fffff802`b3ec9d35 : nt!KiCommitThreadWait+0x23c fffff880`15e149a0 fffff802`b3ed0b6c : fffffa80`03ba9380 fffffa80`03be8b01 00000000`00000001 00000071`dadbf500 : nt!KeRemoveQueueEx+0x26b fffff880`15e14a50 fffff802`b3b434d5 : fffffa80`03ba9380 00000071`da48cf70 fffff880`15e14b80 fffff802`b3d0d000 : nt!IoRemoveIoCompletion+0x4c fffff880`15e14ae0 fffff802`b3b02d53 : 00000000`00000124 00000071`da48cf70 fffff880`00000010 00000071`dadbf540 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15e14c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e14c40) 00000071`dadbf4e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003bce080 Cid 0598.0674 Teb: 000007f6803da000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 62603 Ticks: 15678525 (2:19:56:26.557) Context Switch Count 470 IdealProcessor: 0 UserTime 00:00:00.717 KernelTime 00:00:00.046 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e61dd0 Current fffff88015e617a0 Base fffff88015e62000 Limit fffff88015e5c000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bce9c0 Cid 0598.0678 Teb: 000007f6803d8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15690575 Ticks: 50553 (0:00:13:08.631) Context Switch Count 2401 IdealProcessor: 0 UserTime 00:00:05.475 KernelTime 00:00:00.374 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88014f80dd0 Current fffff88014f807a0 Base fffff88014f81000 Limit fffff88014f7b000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14f807e0 fffff802`b3b2d99c : d4001de3`00000001 00000000`00000000 fffffa80`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14f80920 fffff802`b3b38ddb : fffffa80`036ee9c0 fffff880`009e6180 00000000`00000000 fffff880`00000400 : nt!KiCommitThreadWait+0x23c fffff880`14f809e0 fffff802`b3ed0b6c : fffffa80`039f6d40 00000071`de537001 00000071`db39f900 fffff880`14f80b00 : nt!KeRemoveQueueEx+0x26b fffff880`14f80a90 fffff802`b3eafcb5 : fffffa80`039f6d40 fffff880`14f80b88 fffff880`14f80b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`14f80b20 fffff802`b3b02d53 : fffffa80`03bce9c0 00000071`db39f8b8 fffff880`14f80be8 00000000`00000000 : nt!NtRemoveIoCompletion+0x135 fffff880`14f80bd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f80c40) 00000071`db39f898 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa8003de5b00 Cid 0598.067c Teb: 000007f6803d6000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15735445 Ticks: 5683 (0:00:01:28.655) Context Switch Count 6123 IdealProcessor: 0 UserTime 00:00:16.068 KernelTime 00:00:01.201 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88014fb8dd0 Current fffff88014fb87a0 Base fffff88014fb9000 Limit fffff88014fb3000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14fb87e0 fffff802`b3b2d99c : d4001de3`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14fb8920 fffff802`b3b38ddb : fffffa80`03dff9b0 fffff802`b3d7f180 00000000`00000000 fffff880`00000400 : nt!KiCommitThreadWait+0x23c fffff880`14fb89e0 fffff802`b3ed0b6c : fffffa80`039f6d40 00000071`de537301 00000071`db41fc00 fffff880`14fb8b00 : nt!KeRemoveQueueEx+0x26b fffff880`14fb8a90 fffff802`b3eafcb5 : fffffa80`039f6d40 fffff880`14fb8b88 fffff880`14fb8b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`14fb8b20 fffff802`b3b02d53 : fffffa80`03de5b00 00000071`db41fb78 fffff880`14fb8be8 fffff802`b3ef2924 : nt!NtRemoveIoCompletion+0x135 fffff880`14fb8bd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14fb8c40) 00000071`db41fb58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa8003b88080 Cid 0598.0680 Teb: 000007f6803d4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740132 Ticks: 996 (0:00:00:15.537) Context Switch Count 4005 IdealProcessor: 0 UserTime 00:00:09.172 KernelTime 00:00:00.904 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e6fdd0 Current fffff88015e6f7a0 Base fffff88015e70000 Limit fffff88015e6a000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15e6f7e0 fffff802`b3b2d99c : d4001de3`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15e6f920 fffff802`b3b38ddb : fffffa80`027e51b0 fffff802`b3d7f180 00000000`00000000 fffff880`00000400 : nt!KiCommitThreadWait+0x23c fffff880`15e6f9e0 fffff802`b3ed0b6c : fffffa80`039f6d40 00000071`de537301 00000071`db49f800 fffff880`15e6fb00 : nt!KeRemoveQueueEx+0x26b fffff880`15e6fa90 fffff802`b3eafcb5 : fffffa80`039f6d40 fffff880`15e6fb88 fffff880`15e6fb80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15e6fb20 fffff802`b3b02d53 : fffffa80`03b88080 00000071`db49f748 fffff880`15e6fbe8 fffff802`b3ef2924 : nt!NtRemoveIoCompletion+0x135 fffff880`15e6fbd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e6fc40) 00000071`db49f728 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa8003dff080 Cid 0598.0684 Teb: 000007f6803d2000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 62603 Ticks: 15678525 (2:19:56:26.557) Context Switch Count 3912 IdealProcessor: 0 UserTime 00:00:08.049 KernelTime 00:00:00.405 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e76dd0 Current fffff88015e767a0 Base fffff88015e77000 Limit fffff88015e71000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bcdb00 Cid 0598.0688 Teb: 000007f6803d0000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15690558 Ticks: 50570 (0:00:13:08.897) Context Switch Count 5483 IdealProcessor: 0 UserTime 00:00:09.812 KernelTime 00:00:00.639 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e7ddd0 Current fffff88015e7d7a0 Base fffff88015e7e000 Limit fffff88015e78000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15e7d7e0 fffff802`b3b2d99c : d4001de3`00000001 00000000`00000000 fffff8a0`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15e7d920 fffff802`b3b38ddb : fffffa80`03b0a200 fffff880`009e6180 00000000`00000000 fffff880`00000400 : nt!KiCommitThreadWait+0x23c fffff880`15e7d9e0 fffff802`b3ed0b6c : fffffa80`039f6d40 00000071`de538001 00000071`db59f900 fffff880`15e7db00 : nt!KeRemoveQueueEx+0x26b fffff880`15e7da90 fffff802`b3eafcb5 : fffffa80`039f6d40 fffff880`15e7db88 fffff880`15e7db80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15e7db20 fffff802`b3b02d53 : fffffa80`03bcdb00 00000071`db59f808 fffff880`15e7dbe8 00000000`00000000 : nt!NtRemoveIoCompletion+0x135 fffff880`15e7dbd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e7dc40) 00000071`db59f7e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa8003dec080 Cid 0598.068c Teb: 000007f6803ce000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 62603 Ticks: 15678525 (2:19:56:26.557) Context Switch Count 354 IdealProcessor: 0 UserTime 00:00:00.514 KernelTime 00:00:00.031 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e84dd0 Current fffff88015e847a0 Base fffff88015e85000 Limit fffff88015e7f000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003decb00 Cid 0598.0690 Teb: 000007f6803cc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039a07c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15736594 Ticks: 4534 (0:00:01:10.730) Context Switch Count 1014 IdealProcessor: 0 UserTime 00:00:01.825 KernelTime 00:00:00.187 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e8bdd0 Current fffff88015e8b7a0 Base fffff88015e8c000 Limit fffff88015e86000 Call 0 Priority 4 BasePriority 4 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 1 Child-SP RetAddr : Args to Child : Call Site fffff880`15e8b7e0 fffff802`b3b2d99c : d4001de3`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15e8b920 fffff802`b3b38ddb : fffffa80`03fd1a30 fffff880`009e6180 00000000`00000000 fffff880`00000400 : nt!KiCommitThreadWait+0x23c fffff880`15e8b9e0 fffff802`b3ed0b6c : fffffa80`039a07c0 00000071`de537601 00000071`db69fa00 fffff880`15e8bb00 : nt!KeRemoveQueueEx+0x26b fffff880`15e8ba90 fffff802`b3eafcb5 : fffffa80`039a07c0 fffff880`15e8bb88 fffff880`15e8bb80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15e8bb20 fffff802`b3b02d53 : fffffa80`03decb00 00000071`db69f9b8 fffff880`15e8bbe8 fffff802`b3ef2924 : nt!NtRemoveIoCompletion+0x135 fffff880`15e8bbd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e8bc40) 00000071`db69f998 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa8003e0db00 Cid 0598.06cc Teb: 000007f6803ca000 Win32Thread: fffff90100695b90 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject IRP List: fffffa8001d57850: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15736443 Ticks: 4685 (0:00:01:13.086) Context Switch Count 5746 IdealProcessor: 0 UserTime 00:00:11.980 KernelTime 00:00:01.435 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e30dd0 Current fffff88015e30760 Base fffff88015e31000 Limit fffff88015e2b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15e307a0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15e308e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15e309a0 fffff802`b3ed0b6c : fffffa80`03b81d80 fffffa80`03e0db01 00000000`00000001 00000071`e047f800 : nt!KeRemoveQueueEx+0x26b fffff880`15e30a50 fffff802`b3b434d5 : fffffa80`03b81d80 00000071`da4b0040 fffff880`15e30b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`15e30ae0 fffff802`b3b02d53 : 00000000`000000cc 00000071`da4b0040 00000000`00000010 00000071`e047f860 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15e30c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e30c40) 00000071`e047f808 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001e43080 Cid 0598.04ec Teb: 000007f68050a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d8d580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 3521 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e92dd0 Current fffff88015e92760 Base fffff88015e93000 Limit fffff88015e8d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15e927a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000071`dac78388 fffff880`0154c3ac : nt!KiSwapContext+0x76 fffff880`15e928e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15e929a0 fffff802`b3ed0b6c : fffffa80`03d8d580 fffffa80`01e43001 00000000`00000001 00000071`dab3f700 : nt!KeRemoveQueueEx+0x26b fffff880`15e92a50 fffff802`b3b434d5 : fffffa80`03d8d580 00000071`da50cce0 fffff880`15e92b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15e92ae0 fffff802`b3b02d53 : 00000000`00000228 00000071`da50cce0 00000071`00000010 00000071`dab3f710 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15e92c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e92c40) 00000071`dab3f6b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002612980 Cid 0598.08e4 Teb: 000007f680504000 Win32Thread: fffff901006f3010 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 1419 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161b8dd0 Current fffff880161b8760 Base fffff880161b9000 Limit fffff880161b3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`161b87a0 fffff802`b3b2d99c : fffff680`00000000 00000000`00000000 00000000`00000001 fffff680`38f92030 : nt!KiSwapContext+0x76 fffff880`161b88e0 fffff802`b3b38ddb : 00000000`00000000 fffff880`161b8bc8 00000000`00000000 fffff802`b3b4dca1 : nt!KiCommitThreadWait+0x23c fffff880`161b89a0 fffff802`b3ed0b6c : fffffa80`03b81d80 fffffa80`02612901 00000000`00000001 00000071`dac3fa00 : nt!KeRemoveQueueEx+0x26b fffff880`161b8a50 fffff802`b3b434d5 : fffffa80`03b81d80 00000071`da50be60 fffff880`161b8b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`161b8ae0 fffff802`b3b02d53 : 00000000`000000cc 00000071`da50be60 00000000`00000010 00000071`dac3faa0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`161b8c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161b8c40) 00000071`dac3fa48 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80041af080 Cid 0598.03a4 Teb: 000007f6803a8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740224 Ticks: 904 (0:00:00:14.102) Context Switch Count 77 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017468dd0 Current fffff88017468760 Base fffff88017469000 Limit fffff88017463000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`174687a0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`174688e0 fffff802`b3b38ddb : fffffa80`02680000 fffffa80`00000000 00000000`00000000 fffffa80`039fd430 : nt!KiCommitThreadWait+0x23c fffff880`174689a0 fffff802`b3ed0b6c : fffffa80`03b81d80 fffffa80`041af001 00000000`00000001 00000071`e4b8f500 : nt!KeRemoveQueueEx+0x26b fffff880`17468a50 fffff802`b3b434d5 : fffffa80`03b81d80 00000071`da508e60 fffff880`17468b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`17468ae0 fffff802`b3b02d53 : 00000000`000000cc 00000071`da508e60 00000000`00000010 00000071`e4b8f5a0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17468c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17468c40) 00000071`e4b8f548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002cf5b00 Cid 0598.0f54 Teb: 000007f6803a4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f337b0 NotificationEvent fffffa8003dde9b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15737894 Ticks: 3234 (0:00:00:50.450) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015109dd0 Current fffff88015109180 Base fffff8801510a000 Limit fffff88015104000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`151091c0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffffa80`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15109300 fffff802`b3b293cd : fffffa80`025fc180 00000001`036864d0 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`151093c0 fffff802`b3eca2ac : fffffa80`00000002 fffff880`15109540 fffffa80`03dde9b0 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15109470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`015172e9 : nt!ObWaitForMultipleObjects+0x29c fffff880`15109980 fffff802`b3b02d53 : fffffa80`02cf5b00 00000071`e633f648 fffff880`15109be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15109bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15109c40) 00000071`e633f628 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001d1d700 Cid 0598.0e38 Teb: 000007f6803c8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d8d580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 108 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016581dd0 Current fffff88016581760 Base fffff88016582000 Limit fffff8801657c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`165817a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000071`00000001 fffff880`0154c3ac : nt!KiSwapContext+0x76 fffff880`165818e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`165819a0 fffff802`b3ed0b6c : fffffa80`03d8d580 fffffa80`01d1d701 00000000`00000001 00000071`dae3fb00 : nt!KeRemoveQueueEx+0x26b fffff880`16581a50 fffff802`b3b434d5 : fffffa80`03d8d580 00000071`da50a420 fffff880`16581b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`16581ae0 fffff802`b3b02d53 : 00000000`00000228 00000071`da50a420 00000071`00000010 00000071`dae3fb30 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16581c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16581c40) 00000071`dae3fad8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8003d8f080 SessionId: 0 Cid: 063c Peb: 7f6e696f000 ParentCid: 03f0 DirBase: 0a9ad000 ObjectTable: fffff8a0005f2f00 HandleCount: Image: dasHost.exe THREAD fffffa8003d82500 Cid 063c.0640 Teb: 000007f6e696d000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bbe6a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 11259 Ticks: 15729869 (2:20:09:47.529) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007f6e73fbe5c Stack Init fffff88014f33dd0 Current fffff88014f33900 Base fffff88014f34000 Limit fffff88014f2e000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e29b00 Cid 063c.0124 Teb: 000007f6e6963000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8003e29ea8 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a006688cf0 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679171 Ticks: 61957 (0:00:16:06.535) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feeef05c38 Stack Init fffff880161a3dd0 Current fffff880161a3660 Base fffff880161a4000 Limit fffff8801619e000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`161a36a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`03f6c130 fffff880`161a38dc : nt!KiSwapContext+0x76 fffff880`161a37e0 fffff802`b3b29c1f : fffff8a0`01855890 fffff880`161a3aa8 00000000`00000001 fffffa80`03d86d40 : nt!KiCommitThreadWait+0x23c fffff880`161a38a0 fffff802`b3af1a0a : fffffa80`03e29ea8 ffffffff`00000011 00000053`00000001 00000000`0d731701 : nt!KeWaitForSingleObject+0x1cf fffff880`161a3930 fffff802`b3ebbbd6 : 00000000`00000000 fffffa80`03e29ea8 fffff880`161a3a01 00000000`00000000 : nt!AlpcpSignalAndWait+0x34a fffff880`161a39e0 fffff802`b3ebb762 : fffffa80`03e2e070 00000053`4212b1d0 00000053`426ff368 fffff880`161a3c01 : nt!AlpcpReceiveSynchronousReply+0x46 fffff880`161a3a40 fffff802`b3ec19c2 : fffffa80`03e2e070 fffffa80`00020000 00000053`4212b1d0 00000053`42149828 : nt!AlpcpProcessSynchronousRequest+0x350 fffff880`161a3b20 fffff802`b3b02d53 : fffffa80`03e29b00 fffff880`161a3cc0 fffff880`161a3be8 fffff802`b3ed0e8d : nt!NtAlpcSendWaitReceivePort+0x172 fffff880`161a3bd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161a3c40) 00000053`426ff318 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa8003fc4b00 Cid 063c.0828 Teb: 000007f6e683e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f64cc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679298 Ticks: 61830 (0:00:16:04.554) Context Switch Count 27 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161aadd0 Current fffff880161aa760 Base fffff880161ab000 Limit fffff880161a5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`161aa7a0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff802`00000001 fffff8a0`01ea4530 : nt!KiSwapContext+0x76 fffff880`161aa8e0 fffff802`b3b38ddb : fffff8a0`01ea4530 fffff880`161aacc0 00000000`00000000 fffff802`b3ec9d35 : nt!KiCommitThreadWait+0x23c fffff880`161aa9a0 fffff802`b3ed0b6c : fffffa80`03f64cc0 fffffa80`03fc4b01 00000000`00000001 00000053`4277fa00 : nt!KeRemoveQueueEx+0x26b fffff880`161aaa50 fffff802`b3b434d5 : fffffa80`03f64cc0 00000053`421712a0 fffff880`161aab80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`161aaae0 fffff802`b3b02d53 : 00000000`000001fc 00000053`421712a0 fffff880`00000010 00000053`4277fa70 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`161aac40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161aac40) 00000053`4277fa18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001f23740 Cid 063c.0d28 Teb: 000007f6e6965000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b0d280 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15703645 Ticks: 37483 (0:00:09:44.738) Context Switch Count 1173 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015406dd0 Current fffff88015406760 Base fffff88015407000 Limit fffff88015401000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`154067a0 fffff802`b3b2d99c : fffff8a0`00000001 00000000`00000000 000007fe`00000000 00000053`4212a4b0 : nt!KiSwapContext+0x76 fffff880`154068e0 fffff802`b3b38ddb : fffffa80`03d83690 00000000`00000000 00000000`00000000 fffff880`15406a80 : nt!KiCommitThreadWait+0x23c fffff880`154069a0 fffff802`b3ed0b6c : fffffa80`03b0d280 fffffa80`01f23701 00000000`00000001 00000053`4267f800 : nt!KeRemoveQueueEx+0x26b fffff880`15406a50 fffff802`b3b434d5 : fffffa80`03b0d280 00000053`421a93e0 fffff880`15406b80 00000018`000f0001 : nt!IoRemoveIoCompletion+0x4c fffff880`15406ae0 fffff802`b3b02d53 : 00000000`00000048 00000053`421a93e0 00000000`00000010 00000053`4267f8e0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15406c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15406c40) 00000053`4267f888 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8003eec940 SessionId: 0 Cid: 07e8 Peb: 7f6fa92f000 ParentCid: 0220 DirBase: 3fdd9000 ObjectTable: fffff8a0006d3f00 HandleCount: Image: svchost.exe THREAD fffffa8003ee5800 Cid 07e8.07ec Teb: 000007f6fa92d000 Win32Thread: fffff901006993a0 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039b6c30 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733059 Ticks: 8069 (0:00:02:05.877) Context Switch Count 75 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007f6fb7a26c0 Stack Init fffff88016061dd0 Current fffff88016061900 Base fffff88016062000 Limit fffff8801605c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`16061940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`03f012e0 00000055`90567c50 : nt!KiSwapContext+0x76 fffff880`16061a80 fffff802`b3b29c1f : fffff880`16061b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`16061b40 fffff802`b3ec9df6 : fffffa80`039b6c30 fffff880`00000006 00000000`00000001 00000055`9058ff00 : nt!KeWaitForSingleObject+0x1cf fffff880`16061bd0 fffff802`b3b02d53 : fffffa80`03ee5800 00000000`ffffffff 00000000`00000000 fffffa80`039b6c30 : nt!NtWaitForSingleObject+0xb6 fffff880`16061c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16061c40) 00000055`9050faf8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003f00080 Cid 07e8.03fc Teb: 000007f6fa92b000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc2620 NotificationEvent fffffa8003e24c40 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679171 Ticks: 61957 (0:00:16:06.535) Context Switch Count 1587 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.109 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016084dd0 Current fffff88016084180 Base fffff88016085000 Limit fffff8801607f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`160841c0 fffff802`b3b2d99c : fffffa80`03dce300 00000000`00000000 00000000`00000000 fffffa80`01c4dac0 : nt!KiSwapContext+0x76 fffff880`16084300 fffff802`b3b293cd : 00000000`00000000 fffffa80`03df3a10 00000000`00000000 fffff880`0374a998 : nt!KiCommitThreadWait+0x23c fffff880`160843c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`16084540 fffffa80`03e24c40 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16084470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3b38ddb : nt!ObWaitForMultipleObjects+0x29c fffff880`16084980 fffff802`b3b02d53 : fffffa80`03f00080 00000055`90bde778 fffff880`16084be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16084bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16084c40) 00000055`90bde758 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003f17080 Cid 07e8.04dc Teb: 000007f6fa923000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f0acc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15685436 Ticks: 55692 (0:00:14:28.800) Context Switch Count 39 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160dfdd0 Current fffff880160df760 Base fffff880160e0000 Limit fffff880160da000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`160df7a0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff802`00000000 fffff8a0`06b87520 : nt!KiSwapContext+0x76 fffff880`160df8e0 fffff802`b3b38ddb : fffff8a0`06b87520 fffff880`160dfcc0 00000000`00000000 fffff802`b3ec9d35 : nt!KiCommitThreadWait+0x23c fffff880`160df9a0 fffff802`b3ed0b6c : fffffa80`03f0acc0 fffffa80`03f17001 00000000`00000001 00000055`9139f500 : nt!KeRemoveQueueEx+0x26b fffff880`160dfa50 fffff802`b3b434d5 : fffffa80`03f0acc0 00000055`905773f0 fffff880`160dfb80 00000000`00000001 : nt!IoRemoveIoCompletion+0x4c fffff880`160dfae0 fffff802`b3b02d53 : 00000000`00000138 00000055`905773f0 fffff880`00000010 00000055`9139f530 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`160dfc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160dfc40) 00000055`9139f4d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003e1e080 Cid 07e8.0608 Teb: 000007f6fa7fa000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80039e2380 NotificationEvent IRP List: fffffa80027a28a0: (0006,01f0) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741084 Ticks: 44 (0:00:00:00.686) Context Switch Count 381 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007feed350ce0 Stack Init fffff880160bcdd0 Current fffff880160bc900 Base fffff880160bd000 Limit fffff880160b7000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`160bc940 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 0016019f`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`160bca80 fffff802`b3b29c1f : fffff880`160bcbe8 00000055`9161f438 00000000`00000000 fffff802`b3ee8c86 : nt!KiCommitThreadWait+0x23c fffff880`160bcb40 fffff802`b3ec9df6 : fffffa80`039e2380 fffffa80`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`160bcbd0 fffff802`b3b02d53 : fffffa80`03e1e080 00000000`00000004 fffff880`160bcc18 fffffa80`039e2380 : nt!NtWaitForSingleObject+0xb6 fffff880`160bcc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160bcc40) 00000055`9161f398 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003f78080 Cid 07e8.05f8 Teb: 000007f6fa7f6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800366e3e0 SynchronizationEvent fffffa800372e3f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741009 Ticks: 119 (0:00:00:01.856) Context Switch Count 783 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address 0x000007feed3431b0 Stack Init fffff8801600ddd0 Current fffff8801600d180 Base fffff8801600e000 Limit fffff88016008000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1600d1c0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff880`00000001 00001f80`00a30225 : nt!KiSwapContext+0x76 fffff880`1600d300 fffff802`b3b293cd : fffff880`00990002 fffffa80`017ea1a0 00000000`00000000 fffff880`0199da1d : nt!KiCommitThreadWait+0x23c fffff880`1600d3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1600d540 fffffa80`0372e3f0 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1600d470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000003 : nt!ObWaitForMultipleObjects+0x29c fffff880`1600d980 fffff802`b3b02d53 : fffffa80`03f78080 00000055`9171f808 fffff880`1600dbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1600dbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1600dc40) 00000055`9171f7e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003e04080 Cid 07e8.02c8 Teb: 000007f6fa7f4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80039d7940 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679291 Ticks: 61837 (0:00:16:04.663) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016172dd0 Current fffff88016172760 Base fffff88016173000 Limit fffff8801616d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`161727a0 fffff802`b3b2d99c : fffffa80`03ed8ad0 00000000`00000000 000007fe`f7ee38c0 00000055`905a0ee0 : nt!KiSwapContext+0x76 fffff880`161728e0 fffff802`b3b38ddb : fffffa80`011e7430 fffffa80`03eece28 00000000`00000000 00000000`00000e51 : nt!KiCommitThreadWait+0x23c fffff880`161729a0 fffff802`b3ed0b6c : fffffa80`039d7940 fffffa80`03e04001 00000000`00000001 00000055`9179fc00 : nt!KeRemoveQueueEx+0x26b fffff880`16172a50 fffff802`b3b434d5 : fffffa80`039d7940 00000055`905a26a0 fffff880`16172b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`16172ae0 fffff802`b3b02d53 : 00000000`00000318 00000055`905a26a0 00000000`00000010 00000055`9179fc70 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16172c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16172c40) 00000055`9179fc18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003df94c0 Cid 07e8.0248 Teb: 000007f6fa7ee000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc2620 NotificationEvent fffffa8003e24820 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13514 Ticks: 15727614 (2:20:09:12.350) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016195dd0 Current fffff88016195180 Base fffff88016196000 Limit fffff88016190000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e8d880 Cid 07e8.0544 Teb: 000007f6fa7e6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ea9d30 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 18772 Ticks: 15722356 (2:20:07:50.325) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address 0x000007feec2654c0 Stack Init fffff8801616bdd0 Current fffff8801616b900 Base fffff8801616c000 Limit fffff88016166000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ef7b00 Cid 07e8.04a8 Teb: 000007f6fa7e4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8004018400 SynchronizationEvent fffffa8003d898b0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 18771 Ticks: 15722357 (2:20:07:50.341) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feec27708c Stack Init fffff88016099dd0 Current fffff88016099180 Base fffff8801609a000 Limit fffff88016094000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f26080 Cid 07e8.057c Teb: 000007f6fa7e2000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f28380 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679660 Ticks: 61468 (0:00:15:58.906) Context Switch Count 132 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801613add0 Current fffff8801613a760 Base fffff8801613b000 Limit fffff88016135000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1613a7a0 fffff802`b3b2d99c : fffff880`047009b0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1613a8e0 fffff802`b3b38ddb : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`1613acc0 : nt!KiCommitThreadWait+0x23c fffff880`1613a9a0 fffff802`b3ed0b6c : fffffa80`03f28380 fffffa80`03f26001 00000000`00000001 00000055`91c1fa00 : nt!KeRemoveQueueEx+0x26b fffff880`1613aa50 fffff802`b3b434d5 : fffffa80`03f28380 00000055`905b3bc0 fffff880`1613ab80 fffffa80`03e0d9f0 : nt!IoRemoveIoCompletion+0x4c fffff880`1613aae0 fffff802`b3b02d53 : 00000000`0000048c 00000055`905b3bc0 fffff880`00000010 00000055`91c1fa60 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1613ac40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1613ac40) 00000055`91c1fa08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003ed8b00 Cid 07e8.0874 Teb: 000007f6fa7f2000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e0c640 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679749 Ticks: 61379 (0:00:15:57.518) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162b6dd0 Current fffff880162b6760 Base fffff880162b7000 Limit fffff880162b1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`162b67a0 fffff802`b3b2d99c : fffff8a0`006d3f00 00000000`00000000 fffffa80`03eec940 00000000`000002f0 : nt!KiSwapContext+0x76 fffff880`162b68e0 fffff802`b3b38ddb : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`162b6cc0 : nt!KiCommitThreadWait+0x23c fffff880`162b69a0 fffff802`b3ed0b6c : fffffa80`03e0c640 fffffa80`03ed8b01 00000000`00000001 00000055`9181fb00 : nt!KeRemoveQueueEx+0x26b fffff880`162b6a50 fffff802`b3b434d5 : fffffa80`03e0c640 00000055`9060a7a0 fffff880`162b6b80 fffff802`b3d0d000 : nt!IoRemoveIoCompletion+0x4c fffff880`162b6ae0 fffff802`b3b02d53 : 00000000`0000044c 00000055`9060a7a0 fffff880`00000010 00000055`9181fb70 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`162b6c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162b6c40) 00000055`9181fb18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002c4fb00 Cid 07e8.0bd4 Teb: 000007f6fa929000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f5f980 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679738 Ticks: 61390 (0:00:15:57.690) Context Switch Count 95 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801608bdd0 Current fffff8801608b760 Base fffff8801608c000 Limit fffff88016086000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1608b7a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000012 : nt!KiSwapContext+0x76 fffff880`1608b8e0 fffff802`b3b38ddb : fffffa80`02cbe3d0 fffffa80`02cbe3d0 00000000`00000000 fffffa80`02cbe578 : nt!KiCommitThreadWait+0x23c fffff880`1608b9a0 fffff802`b3ed0b6c : fffffa80`03f5f980 fffffa80`02c4fb01 00000000`00000001 00000055`90c5f500 : nt!KeRemoveQueueEx+0x26b fffff880`1608ba50 fffff802`b3b434d5 : fffffa80`03f5f980 00000055`90609580 fffff880`1608bb80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`1608bae0 fffff802`b3b02d53 : 00000000`000002c8 00000055`90609580 fffff880`00000010 00000055`90c5f5f0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1608bc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1608bc40) 00000055`90c5f598 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003657b00 Cid 07e8.0734 Teb: 000007f6fa925000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc2620 NotificationEvent fffffa8002c64930 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680365 Ticks: 60763 (0:00:15:47.908) Context Switch Count 1198 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164bddd0 Current fffff880164bd180 Base fffff880164be000 Limit fffff880164b8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`164bd1c0 fffff802`b3b2d99c : fffff880`00000000 00000000`00000000 fffffa80`00000001 00000000`00000004 : nt!KiSwapContext+0x76 fffff880`164bd300 fffff802`b3b293cd : 00000000`00000000 fffffa80`01f18890 00000000`00000000 fffff880`0374a998 : nt!KiCommitThreadWait+0x23c fffff880`164bd3c0 fffff802`b3eca2ac : fffffa80`00000002 fffff880`164bd540 fffffa80`02c64930 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`164bd470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3b38ddb : nt!ObWaitForMultipleObjects+0x29c fffff880`164bd980 fffff802`b3b02d53 : fffffa80`03657b00 00000055`90d5ea18 fffff880`164bdbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`164bdbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164bdc40) 00000055`90d5e9f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001d51080 Cid 07e8.0be0 Teb: 000007f6fa7e0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001cf0cb0 NotificationEvent fffffa80027a8800 SynchronizationEvent IRP List: fffffa8003e1f620: (0006,01f0) Flags: 00060030 Mdl: fffffa80037368b0 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679261 Ticks: 61867 (0:00:16:05.131) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feeae57300 Stack Init fffff88015f8edd0 Current fffff88015f8e180 Base fffff88015f8f000 Limit fffff88015f89000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15f8e1c0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15f8e300 fffff802`b3b293cd : 00000000`00000000 00000000`00000042 00000000`00000000 fffffa80`01c93c10 : nt!KiCommitThreadWait+0x23c fffff880`15f8e3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15f8e540 fffffa80`027a8800 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15f8e470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`15ab46f9 : nt!ObWaitForMultipleObjects+0x29c fffff880`15f8e980 fffff802`b3b02d53 : fffffa80`01d51080 00000055`9227fb38 fffff880`15f8ebe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15f8ebd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f8ec40) 00000055`9227fb18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001c87b00 Cid 07e8.0b24 Teb: 000007f6fa7d6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c6fa80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 40 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feeae863d0 Stack Init fffff8801606fdd0 Current fffff8801606f900 Base fffff88016070000 Limit fffff8801606a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1606f940 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 fffff802`00000008 : nt!KiSwapContext+0x76 fffff880`1606fa80 fffff802`b3b29c1f : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`009e6180 : nt!KiCommitThreadWait+0x23c fffff880`1606fb40 fffff802`b3ec9df6 : fffffa80`01c6fa80 fffffa80`00000006 00000000`00000001 fffff802`b3ed0e00 : nt!KeWaitForSingleObject+0x1cf fffff880`1606fbd0 fffff802`b3b02d53 : fffffa80`01c87b00 00000000`000493e0 fffff880`1606fc18 fffffa80`01c6fa80 : nt!NtWaitForSingleObject+0xb6 fffff880`1606fc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1606fc40) 00000055`9247f788 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001e1ab00 Cid 07e8.0d80 Teb: 000007f6fa7d4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001cf0d30 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 37 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feeae863d0 Stack Init fffff8801740ddd0 Current fffff8801740d900 Base fffff8801740e000 Limit fffff88017408000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1740d940 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1740da80 fffff802`b3b29c1f : d4000e78`6807ff65 0000000c`001f0003 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1740db40 fffff802`b3ec9df6 : fffffa80`01cf0d30 fffffa80`00000006 00000000`00000001 fffff802`b3ed0e00 : nt!KeWaitForSingleObject+0x1cf fffff880`1740dbd0 fffff802`b3b02d53 : fffffa80`01e1ab00 00000000`0000ea60 fffff880`1740dc18 fffffa80`01cf0d30 : nt!NtWaitForSingleObject+0xb6 fffff880`1740dc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1740dc40) 00000055`924ffbb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001d0c080 Cid 07e8.0ca8 Teb: 000007f6fa7cc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dbf240 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679404 Ticks: 61724 (0:00:16:02.900) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801624ddd0 Current fffff8801624d760 Base fffff8801624e000 Limit fffff88016248000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1624d7a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1624d8e0 fffff802`b3b38ddb : fffffa80`03dbf240 fffff802`b3b4c9fd 00000000`00000000 00000000`00000ba1 : nt!KiCommitThreadWait+0x23c fffff880`1624d9a0 fffff802`b3ed0b6c : fffffa80`03dbf240 fffffa80`01d0c001 00000000`00000001 00000055`926ff700 : nt!KeRemoveQueueEx+0x26b fffff880`1624da50 fffff802`b3b434d5 : fffffa80`03dbf240 00000055`9060a060 fffff880`1624db80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`1624dae0 fffff802`b3b02d53 : 00000000`00000254 00000055`9060a060 00000055`00000010 00000055`926ff7b0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1624dc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1624dc40) 00000055`926ff758 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001e1a280 Cid 07e8.0b08 Teb: 000007f6fa7dc000 Win32Thread: fffff90100702b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003642e90 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15729717 Ticks: 11411 (0:00:02:58.012) Context Switch Count 109 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017500dd0 Current fffff880175005f0 Base fffff88017501000 Limit fffff880174fb000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`17500630 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`17500770 fffff802`b3b29c1f : fffffa80`01f9f200 fffffa80`040dec40 00000000`00000000 fffffa80`00000000 : nt!KiCommitThreadWait+0x23c fffff880`17500830 fffff802`b3b2943e : fffffa80`03642e90 fffff8a0`0000000d 00000000`fffeff01 fffffa80`0380ec00 : nt!KeWaitForSingleObject+0x1cf fffff880`175008c0 fffff960`00153e07 : fffffa80`00000001 fffff880`175009e0 00000000`00000000 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`17500970 fffff960`00154765 : fffff901`006b0000 fffff901`00700000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`17500a40 fffff960`00152e99 : fffff880`17500cc0 00000000`00000100 00000000`00000001 fffff901`00000000 : win32k!xxxSleepThread+0xc5 fffff880`17500a90 fffff960`001545f3 : fffff880`17500bf8 00000055`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`17500bb0 fffff802`b3b02d53 : fffffa80`01e1a280 000007fe`f7ca6ab0 00000000`00000020 fffff880`17500c40 : win32k!NtUserGetMessage+0x83 fffff880`17500c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17500c40) 00000055`9237fa28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa800218f9c0 Cid 07e8.0630 Teb: 000007f6fa7fe000 Win32Thread: fffff901006d7b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80033a39f0 Semaphore Limit 0x1f4 fffffa8002cfe8b0 NotificationEvent fffffa8003dc2620 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740815 Ticks: 313 (0:00:00:04.882) Context Switch Count 272 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161cddd0 Current fffff880161cd180 Base fffff880161ce000 Limit fffff880161c8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 1 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`161cd1c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`161cd300 fffff802`b3b293cd : 00000000`00000000 fffffa80`01d261c0 00000000`00000000 fffff880`0374a998 : nt!KiCommitThreadWait+0x23c fffff880`161cd3c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`161cd540 fffffa80`03dc2620 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`161cd470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 fffff880`161cd9b0 fffff802`b3b38ddb : nt!ObWaitForMultipleObjects+0x29c fffff880`161cd980 fffff802`b3b02d53 : fffffa80`0218f9c0 00000055`9159e378 fffff880`161cdbe8 00000055`9159e3a0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`161cdbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161cdc40) 00000055`9159e358 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003d84b00 Cid 07e8.0c7c Teb: 000007f6fa927000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e1eb80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736886 Ticks: 4242 (0:00:01:06.175) Context Switch Count 120 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017084dd0 Current fffff88017084760 Base fffff88017085000 Limit fffff8801707f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`170847a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000001 00000000`00000020 : nt!KiSwapContext+0x76 fffff880`170848e0 fffff802`b3b38ddb : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`17084cc0 : nt!KiCommitThreadWait+0x23c fffff880`170849a0 fffff802`b3ed0b6c : fffffa80`03e1eb80 fffffa80`03d84b01 00000000`00000001 00000055`90cdf800 : nt!KeRemoveQueueEx+0x26b fffff880`17084a50 fffff802`b3b434d5 : fffffa80`03e1eb80 00000055`91c3bc10 fffff880`17084b80 00000000`00000674 : nt!IoRemoveIoCompletion+0x4c fffff880`17084ae0 fffff802`b3b02d53 : 00000000`000000a4 00000055`91c3bc10 00000000`00000010 00000055`90cdf830 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17084c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17084c40) 00000055`90cdf7d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80030739c0 Cid 07e8.0bb4 Teb: 000007f6fa7fc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e1eb80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741009 Ticks: 119 (0:00:00:01.856) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801506fdd0 Current fffff8801506f760 Base fffff88015070000 Limit fffff8801506a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1506f7a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000001 fffff802`00000020 : nt!KiSwapContext+0x76 fffff880`1506f8e0 fffff802`b3b38ddb : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`1506fcc0 : nt!KiCommitThreadWait+0x23c fffff880`1506f9a0 fffff802`b3ed0b6c : fffffa80`03e1eb80 fffffa80`03073901 00000000`00000001 00000055`9169f600 : nt!KeRemoveQueueEx+0x26b fffff880`1506fa50 fffff802`b3b434d5 : fffffa80`03e1eb80 00000055`91c3bfb0 fffff880`1506fb80 00000000`000003b8 : nt!IoRemoveIoCompletion+0x4c fffff880`1506fae0 fffff802`b3b02d53 : 00000000`000000a4 00000055`91c3bfb0 00000000`00000010 00000055`9169f630 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1506fc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1506fc40) 00000055`9169f5d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002ef9b00 Cid 07e8.01f0 Teb: 000007f6fa7ec000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e1eb80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741084 Ticks: 44 (0:00:00:00.686) Context Switch Count 44 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016518dd0 Current fffff88016518760 Base fffff88016519000 Limit fffff88016513000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`165187a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`00000001 00000000`00000020 : nt!KiSwapContext+0x76 fffff880`165188e0 fffff802`b3b38ddb : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`16518cc0 : nt!KiCommitThreadWait+0x23c fffff880`165189a0 fffff802`b3ed0b6c : fffffa80`03e1eb80 fffffa80`02ef9b01 00000000`00000001 00000055`91a1fa00 : nt!KeRemoveQueueEx+0x26b fffff880`16518a50 fffff802`b3b434d5 : fffffa80`03e1eb80 00000055`91c3b130 fffff880`16518b80 fffff802`b3d0d000 : nt!IoRemoveIoCompletion+0x4c fffff880`16518ae0 fffff802`b3b02d53 : 00000000`000000a4 00000055`91c3b130 00000000`00000010 00000055`91a1fae0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16518c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16518c40) 00000055`91a1fa88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80041b25c0 Cid 07e8.0f2c Teb: 000007f6fa7f8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036dcbc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740864 Ticks: 264 (0:00:00:04.118) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88002f17dd0 Current fffff88002f17760 Base fffff88002f18000 Limit fffff88002f12000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02f177a0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff880`00000000 fffff880`02f179f0 : nt!KiSwapContext+0x76 fffff880`02f178e0 fffff802`b3b38ddb : fffff8a0`00003000 fffffa80`0182e480 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`02f179a0 fffff802`b3ed0b6c : fffffa80`036dcbc0 fffffa80`041b2501 00000000`00000001 00000055`9189f500 : nt!KeRemoveQueueEx+0x26b fffff880`02f17a50 fffff802`b3b434d5 : fffffa80`036dcbc0 00000055`91c3a9f0 fffff880`02f17b80 00000000`00000001 : nt!IoRemoveIoCompletion+0x4c fffff880`02f17ae0 fffff802`b3b02d53 : 00000000`00000168 00000055`91c3a9f0 00000055`00000010 00000055`9189f5a0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`02f17c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`02f17c40) 00000055`9189f548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002d3db00 Cid 07e8.0490 Teb: 000007f6fa7f0000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036dcbc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741084 Ticks: 44 (0:00:00:00.686) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801651fdd0 Current fffff8801651f760 Base fffff88016520000 Limit fffff8801651a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1651f7a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1651f8e0 fffff802`b3b38ddb : fffffa80`036dcbc0 00000004`d218837d 00000000`00000000 00000000`000008d6 : nt!KiCommitThreadWait+0x23c fffff880`1651f9a0 fffff802`b3ed0b6c : fffffa80`036dcbc0 fffffa80`02d3db01 00000000`00000001 00000055`9199fa00 : nt!KeRemoveQueueEx+0x26b fffff880`1651fa50 fffff802`b3b434d5 : fffffa80`036dcbc0 00000055`91c3ad90 fffff880`1651fb80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`1651fae0 fffff802`b3b02d53 : 00000000`00000168 00000055`91c3ad90 00000055`00000010 00000055`9199fa80 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1651fc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1651fc40) 00000055`9199fa28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8003fea3c0 SessionId: 0 Cid: 08a8 Peb: 7f6fb20f000 ParentCid: 0220 DirBase: 4ae86000 ObjectTable: fffff8a000853600 HandleCount: Image: svchost.exe THREAD fffffa8003fd3600 Cid 08a8.08ac Teb: 000007f6fb20d000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800394a600 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679225 Ticks: 61903 (0:00:16:05.692) Context Switch Count 36 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f6fb7a26c0 Stack Init fffff880162d2dd0 Current fffff880162d2900 Base fffff880162d3000 Limit fffff880162cd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`162d2940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`03fe5070 00000083`e7fda580 : nt!KiSwapContext+0x76 fffff880`162d2a80 fffff802`b3b29c1f : fffff880`162d2b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`162d2b40 fffff802`b3ec9df6 : fffffa80`0394a600 fffff880`00000006 00000000`00000001 00000083`fa27b800 : nt!KeWaitForSingleObject+0x1cf fffff880`162d2bd0 fffff802`b3b02d53 : fffffa80`03fd3600 00000000`ffffffff 00000000`00000000 fffffa80`0394a600 : nt!NtWaitForSingleObject+0xb6 fffff880`162d2c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162d2c40) 00000083`e7e0f418 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003f6fb00 Cid 08a8.08b0 Teb: 000007f6fb20b000 Win32Thread: fffff901000cc010 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739419 Ticks: 1709 (0:00:00:26.660) Context Switch Count 11047 IdealProcessor: 0 UserTime 00:00:00.171 KernelTime 00:00:00.265 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162cbdd0 Current fffff880162cb760 Base fffff880162cc000 Limit fffff880162c6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`162cb7a0 fffff802`b3b2d99c : fffff880`00000000 00000000`00000000 fffffa80`00000001 fffffa80`03f33e20 : nt!KiSwapContext+0x76 fffff880`162cb8e0 fffff802`b3b38ddb : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`009e6180 : nt!KiCommitThreadWait+0x23c fffff880`162cb9a0 fffff802`b3ed0b6c : fffffa80`03e98b80 fffffa80`03f6fb01 00000000`00000001 00000083`e7f5f800 : nt!KeRemoveQueueEx+0x26b fffff880`162cba50 fffff802`b3b434d5 : fffffa80`03e98b80 00000083`e7fdc970 fffff880`162cbb80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`162cbae0 fffff802`b3b02d53 : 00000000`0000004c 00000083`e7fdc970 fffff880`00000010 00000083`e7f5f8a0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`162cbc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162cbc40) 00000083`e7f5f848 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003857080 Cid 08a8.0990 Teb: 000007f6fb207000 Win32Thread: fffff901006d9b90 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739419 Ticks: 1709 (0:00:00:26.660) Context Switch Count 9229 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.156 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162e7dd0 Current fffff880162e7760 Base fffff880162e8000 Limit fffff880162e2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`162e77a0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffffa80`00000001 fffffa80`032a0010 : nt!KiSwapContext+0x76 fffff880`162e78e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000001 : nt!KiCommitThreadWait+0x23c fffff880`162e79a0 fffff802`b3ed0b6c : fffffa80`03e98b80 fffffa80`03857001 00000000`00000001 00000083`e81cfa00 : nt!KeRemoveQueueEx+0x26b fffff880`162e7a50 fffff802`b3b434d5 : fffffa80`03e98b80 00000083`e7fddb20 fffff880`162e7b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`162e7ae0 fffff802`b3b02d53 : 00000000`0000004c 00000083`e7fddb20 00000083`00000010 00000083`e81cfa40 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`162e7c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162e7c40) 00000083`e81cf9e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80018fc080 Cid 08a8.0998 Teb: 000007f6fb0de000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f95480 SynchronizationEvent fffffa8003f22720 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15160 Ticks: 15725968 (2:20:08:46.673) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef1ceb31c Stack Init fffff8801623edd0 Current fffff8801623e180 Base fffff8801623f000 Limit fffff88016239000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800261b080 Cid 08a8.0a24 Teb: 000007f6fb0da000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003de5620 NotificationEvent fffffa8003613a10 NotificationEvent fffffa8003f33d50 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679813 Ticks: 61315 (0:00:15:56.520) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef1ce6398 Stack Init fffff88015014dd0 Current fffff88015014180 Base fffff88015015000 Limit fffff8801500f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`150141c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15014300 fffff802`b3b293cd : 00000000`00000000 fffffa80`0362e170 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`150143c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`15014540 fffffa80`03f33d50 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15014470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`15014980 fffff802`b3b02d53 : fffffa80`0261b080 00000083`fa26f8a8 fffff880`15014be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15014bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15014c40) 00000083`fa26f888 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002619080 Cid 08a8.0a54 Teb: 000007f6fb0dc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740763 Ticks: 365 (0:00:00:05.694) Context Switch Count 9809 IdealProcessor: 0 UserTime 00:00:00.124 KernelTime 00:00:00.124 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003ddfdd0 Current fffff88003ddf760 Base fffff88003de0000 Limit fffff88003dda000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03ddf7a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000102 : nt!KiSwapContext+0x76 fffff880`03ddf8e0 fffff802`b3b38ddb : fffff880`03ddf950 000201e0`0002001a 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`03ddf9a0 fffff802`b3ed0b6c : fffffa80`03e98b80 fffffa80`02619001 00000000`00000001 00000083`fa1cf700 : nt!KeRemoveQueueEx+0x26b fffff880`03ddfa50 fffff802`b3b434d5 : fffffa80`03e98b80 00000083`e80c21b0 fffff880`03ddfb80 fffff802`b3d0d001 : nt!IoRemoveIoCompletion+0x4c fffff880`03ddfae0 fffff802`b3b02d53 : 00000000`0000004c 00000083`e80c21b0 00000000`00000010 00000083`fa1cf740 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03ddfc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03ddfc40) 00000083`fa1cf6e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80021a3600 Cid 08a8.0ce0 Teb: 000007f6fb0d4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741118 Ticks: 10 (0:00:00:00.156) Context Switch Count 3041 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016485dd0 Current fffff88016485760 Base fffff88016486000 Limit fffff88016480000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`164857a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`164858e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`164859a0 fffff802`b3ed0b6c : fffffa80`03e98b80 fffffa80`021a3601 00000000`00000001 00000083`900ffb00 : nt!KeRemoveQueueEx+0x26b fffff880`16485a50 fffff802`b3b434d5 : fffffa80`03e98b80 00000083`e80ceb30 fffff880`16485b80 00000000`00000001 : nt!IoRemoveIoCompletion+0x4c fffff880`16485ae0 fffff802`b3b02d53 : 00000000`0000004c 00000083`e80ceb30 00000000`00000010 00000083`900ffb30 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16485c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16485c40) 00000083`900ffad8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800381a080 Cid 08a8.095c Teb: 000007f6fb203000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003673f60 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679761 Ticks: 61367 (0:00:15:57.331) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff880163dddd0 Current fffff880163dd900 Base fffff880163de000 Limit fffff880163d8000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`163dd940 fffff802`b3b2d99c : ffff7cad`00000001 00000000`00000000 fffff880`00000000 fffff802`b3ae988f : nt!KiSwapContext+0x76 fffff880`163dda80 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`163ddb40 fffff802`b3ec9df6 : fffffa80`03673f60 00000000`00000006 00000000`00000001 fffff6fb`7da01000 : nt!KeWaitForSingleObject+0x1cf fffff880`163ddbd0 fffff802`b3b02d53 : fffffa80`0381a080 00000000`ffffffff 00000000`00000000 fffffa80`03673f60 : nt!NtWaitForSingleObject+0xb6 fffff880`163ddc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`163ddc40) 00000083`8010fa88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001e5db00 Cid 08a8.091c Teb: 000007f6fb0d8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e3d3c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679779 Ticks: 61349 (0:00:15:57.050) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff88016179dd0 Current fffff880161797a0 Base fffff8801617a000 Limit fffff88016174000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`161797e0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff880`00000000 fffff880`015172e9 : nt!KiSwapContext+0x76 fffff880`16179920 fffff802`b3b38ddb : 00000000`00000000 00000000`00000204 00000000`00000000 fffff802`b3eca976 : nt!KiCommitThreadWait+0x23c fffff880`161799e0 fffff802`b3ed0b6c : fffffa80`03e3d3c0 00000000`00000001 00000083`8143fc00 fffff880`16179b00 : nt!KeRemoveQueueEx+0x26b fffff880`16179a90 fffff802`b3eafcb5 : fffffa80`03e3d3c0 fffff880`16179b88 fffff880`16179b80 fffffa80`03ef62f0 : nt!IoRemoveIoCompletion+0x4c fffff880`16179b20 fffff802`b3b02d53 : fffffa80`01e5db00 00000083`8143fc18 fffff880`16179be8 00000083`fa2704f0 : nt!NtRemoveIoCompletion+0x135 fffff880`16179bd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16179c40) 00000083`8143fbf8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa8004146080 Cid 08a8.0ad0 Teb: 000007f6fb209000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8004146428 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a0067d5770 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740815 Ticks: 313 (0:00:00:04.882) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feeef0a9e8 Stack Init fffff880159bddd0 Current fffff880159bd660 Base fffff880159be000 Limit fffff880159b8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`159bd6a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 fffff802`b3ec99d0 : nt!KiSwapContext+0x76 fffff880`159bd7e0 fffff802`b3b29c1f : fffff8a0`0251b550 fffff880`159bdaa8 00000000`00000001 fffffa80`036a3bc0 : nt!KiCommitThreadWait+0x23c fffff880`159bd8a0 fffff802`b3af1a0a : fffffa80`04146428 ffffffff`00000011 00000083`00000001 00000000`090f3c01 : nt!KeWaitForSingleObject+0x1cf fffff880`159bd930 fffff802`b3ebbbd6 : 00000000`00000000 fffffa80`04146428 00000008`00000001 00000000`00000000 : nt!AlpcpSignalAndWait+0x34a fffff880`159bd9e0 fffff802`b3ebb762 : fffffa80`02e74240 00000083`e80354f0 00000083`819fef78 00000000`00000001 : nt!AlpcpReceiveSynchronousReply+0x46 fffff880`159bda40 fffff802`b3ec19c2 : fffffa80`02e74240 00000000`00020000 00000083`e80354f0 00000083`fa2a01e8 : nt!AlpcpProcessSynchronousRequest+0x350 fffff880`159bdb20 fffff802`b3b02d53 : fffffa80`04146080 fffff880`159bdcc0 fffff880`159bdbe8 00000000`00000006 : nt!NtAlpcSendWaitReceivePort+0x172 fffff880`159bdbd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`159bdc40) 00000083`819fef28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa PROCESS fffffa8002772940 SessionId: 0 Cid: 0bac Peb: 7f7e166e000 ParentCid: 0288 DirBase: 2428a000 ObjectTable: fffff8a0008cc040 HandleCount: Image: dllhost.exe THREAD fffffa8002c5c080 Cid 0bac.0bb0 Teb: 000007f7e166c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e75190 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 19238 Ticks: 15721890 (2:20:07:43.055) Context Switch Count 41 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address 0x000007f7e23511d4 Stack Init fffff88014e3edd0 Current fffff88014e3e900 Base fffff88014e3f000 Limit fffff88014e39000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80018ea5c0 Cid 0bac.0bc0 Teb: 000007f7e1664000 Win32Thread: fffff90100671b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8002767d30 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736660 Ticks: 4468 (0:00:01:09.701) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880151d4dd0 Current fffff880151d45f0 Base fffff880151d5000 Limit fffff880151cf000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`151d4630 fffff802`b3b2d99c : ffff7cad`00000001 00000000`00000000 fffffa80`00000000 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`151d4770 fffff802`b3b29c1f : 00000000`00010224 00000000`00000000 00000000`00000000 fffff802`00000000 : nt!KiCommitThreadWait+0x23c fffff880`151d4830 fffff802`b3b2943e : fffffa80`02767d30 fffff802`0000000d fffffa80`018ea501 fffff802`b3b3a300 : nt!KeWaitForSingleObject+0x1cf fffff880`151d48c0 fffff960`00153e07 : fffffa80`00000001 fffff880`151d49e0 fffff880`009e6180 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`151d4970 fffff960`00154765 : fffff901`006f0000 fffff901`00670000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`151d4a40 fffff960`00152e99 : fffff880`151d4cc0 00000000`00000100 00000000`00000001 fffff802`b3b2bb35 : win32k!xxxSleepThread+0xc5 fffff880`151d4a90 fffff960`001545f3 : fffff880`151d4bf8 00000051`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`151d4bb0 fffff802`b3b02d53 : fffffa80`018ea5c0 000007fe`f7ca6ab0 00000000`00000020 fffff880`151d4c40 : win32k!NtUserGetMessage+0x83 fffff880`151d4c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151d4c40) 00000051`5970f888 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8002e1fb00 Cid 0bac.087c Teb: 000007f7e1538000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa8002e5a960 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 15711974 Ticks: 29154 (0:00:07:34.805) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feea6433c0 Stack Init fffff88016254dd0 Current fffff88016254180 Base fffff88016255000 Limit fffff8801624f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`162541c0 fffff802`b3b2d99c : fffff8a0`00000000 00000000`00000000 fffff8a0`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`16254300 fffff802`b3b293cd : 00000000`00000000 fffff880`162544d8 00000000`00000000 fffff802`b3b4749f : nt!KiCommitThreadWait+0x23c fffff880`162543c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`16254540 fffffa80`02e5a960 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16254470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000194 : nt!ObWaitForMultipleObjects+0x29c fffff880`16254980 fffff802`b3b02d53 : fffffa80`02e1fb00 00000051`5a04f3e8 fffff880`16254be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16254bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16254c40) 00000051`5a04f3c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003f7c080 Cid 0bac.0a78 Teb: 000007f7e166a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002dbcc80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 15710136 Ticks: 30992 (0:00:08:03.478) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158b8dd0 Current fffff880158b8760 Base fffff880158b9000 Limit fffff880158b3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`158b87a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`158b88e0 fffff802`b3b38ddb : fffffa80`02dbcc80 fffff802`b3b4c9fd 00000000`00000000 00000000`00000538 : nt!KiCommitThreadWait+0x23c fffff880`158b89a0 fffff802`b3ed0b6c : fffffa80`02dbcc80 fffffa80`03f7c001 00000000`00000001 00000051`5912f700 : nt!KeRemoveQueueEx+0x26b fffff880`158b8a50 fffff802`b3b434d5 : fffffa80`02dbcc80 00000051`58f46430 fffff880`158b8b80 fffff802`b3b2a538 : nt!IoRemoveIoCompletion+0x4c fffff880`158b8ae0 fffff802`b3b02d53 : 00000000`000000b4 00000051`58f46430 00000051`00000010 00000051`5912f7a0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`158b8c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158b8c40) 00000051`5912f748 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa80038e6940 SessionId: 0 Cid: 0270 Peb: 7f79c425000 ParentCid: 0220 DirBase: 3a2aa000 ObjectTable: fffff8a006c77c40 HandleCount: Image: SearchIndexer.exe THREAD fffffa800260e700 Cid 0270.0750 Teb: 000007f79c42e000 Win32Thread: fffff901006c9b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036bfc70 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 132 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address 0x000007f79cd16f2c Stack Init fffff8801643fdd0 Current fffff8801643f900 Base fffff88016440000 Limit fffff8801643a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1643f940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`037dc070 00000042`3aab6600 : nt!KiSwapContext+0x76 fffff880`1643fa80 fffff802`b3b29c1f : fffff880`1643fb70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`1643fb40 fffff802`b3ec9df6 : fffffa80`036bfc70 fffff880`00000006 00000000`00000001 00000042`3aab8a00 : nt!KeWaitForSingleObject+0x1cf fffff880`1643fbd0 fffff802`b3b02d53 : fffffa80`0260e700 00000000`ffffffff 00000000`00000000 fffffa80`036bfc70 : nt!NtWaitForSingleObject+0xb6 fffff880`1643fc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1643fc40) 00000042`3a9ff548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003b9d080 Cid 0270.047c Teb: 000007f79c428000 Win32Thread: fffff901006af610 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003254860 SynchronizationEvent fffffa800395a460 SynchronizationEvent fffffa80038b67a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 34436 Ticks: 15706692 (2:20:03:45.965) Context Switch Count 281 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.078 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88016477dd0 Current fffff88016477180 Base fffff88016478000 Limit fffff88016472000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e86880 Cid 0270.0454 Teb: 000007f79c426000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80026a0420 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 63311 Ticks: 15677817 (2:19:56:15.512) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff88015037dd0 Current fffff88015037900 Base fffff88015038000 Limit fffff88015032000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15037940 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000000 fffff880`15037a01 : nt!KiSwapContext+0x76 fffff880`15037a80 fffff802`b3b29c1f : fffffa80`02680c30 00000000`00000000 00000000`00000000 fffff802`b3e8d256 : nt!KiCommitThreadWait+0x23c fffff880`15037b40 fffff802`b3ec9df6 : fffffa80`026a0420 fffff802`00000006 00000000`00000001 fffff6fb`7da00800 : nt!KeWaitForSingleObject+0x1cf fffff880`15037bd0 fffff802`b3b02d53 : fffffa80`03e86880 00000000`ffffffff 00000000`00000000 fffffa80`026a0420 : nt!NtWaitForSingleObject+0xb6 fffff880`15037c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15037c40) 00000042`3bb7f688 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003dd9b00 Cid 0270.06d8 Teb: 000007f79c2fe000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003994450 SynchronizationEvent fffffa8003d9ecb0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 25664 Ticks: 15715464 (2:20:06:02.809) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff88014fc6dd0 Current fffff88014fc6180 Base fffff88014fc7000 Limit fffff88014fc1000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80027deb00 Cid 0270.0474 Teb: 000007f79c2fc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800383e380 NotificationEvent fffffa8003822860 NotificationEvent IRP List: fffffa8002d8e010: (0006,01f0) Flags: 00060800 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15682394 Ticks: 58734 (0:00:15:16.256) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feec7619e0 Stack Init fffff88015550dd0 Current fffff88015550180 Base fffff88015551000 Limit fffff8801554b000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`155501c0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15550300 fffff802`b3b293cd : fffffa80`02d914a0 fffffa80`019e56c0 00000000`00000000 fffffa80`0418c260 : nt!KiCommitThreadWait+0x23c fffff880`155503c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15550540 fffffa80`03822860 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15550470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`02d8e010 : nt!ObWaitForMultipleObjects+0x29c fffff880`15550980 fffff802`b3b02d53 : fffffa80`027deb00 00000042`4559f338 fffff880`15550be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15550bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15550c40) 00000042`4559f318 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80039d5b00 Cid 0270.0b84 Teb: 000007f79c2f8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bd14c0 SynchronizationEvent fffffa8003f87ec0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740796 Ticks: 332 (0:00:00:05.179) Context Switch Count 71 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.046 Win32 Start Address 0x000007feec5139e4 Stack Init fffff880164d2dd0 Current fffff880164d2180 Base fffff880164d3000 Limit fffff880164cd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`164d21c0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000000 fffff802`b3d0d000 : nt!KiSwapContext+0x76 fffff880`164d2300 fffff802`b3b293cd : 00000000`00000000 fffff802`b3afa19e 00000000`00000000 fffff802`b3b37000 : nt!KiCommitThreadWait+0x23c fffff880`164d23c0 fffff802`b3eca2ac : 00000042`00000002 fffff880`164d2540 fffffa80`03f87ec0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`164d2470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`164d29b0 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`164d2980 fffff802`b3b02d53 : fffffa80`039d5b00 00000042`45b2f568 fffff880`164d2be8 00000042`45b2f590 : nt!NtWaitForMultipleObjects+0xe3 fffff880`164d2bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164d2c40) 00000042`45b2f548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80038a8080 Cid 0270.080c Teb: 000007f79c2f6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80031af3e0 SynchronizationEvent fffffa8003fdc6a0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741118 Ticks: 10 (0:00:00:00.156) Context Switch Count 341 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feec4c5cc8 Stack Init fffff8801557add0 Current fffff8801557a180 Base fffff8801557b000 Limit fffff88015575000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1557a1c0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffffa80`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1557a300 fffff802`b3b293cd : fffffa80`0278a9d0 00000001`0278a9d0 00000000`00000000 fffffa80`0276ba20 : nt!KiCommitThreadWait+0x23c fffff880`1557a3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1557a540 fffffa80`03fdc6a0 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1557a470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`1557a9b0 fffff802`b3ef63ca : nt!ObWaitForMultipleObjects+0x29c fffff880`1557a980 fffff802`b3b02d53 : fffffa80`038a8080 00000042`45baef08 fffff880`1557abe8 00000042`45baef30 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1557abd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1557ac40) 00000042`45baeee8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003f1fb00 Cid 0270.086c Teb: 000007f79c2f4000 Win32Thread: fffff901006b53a0 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393fc90 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740796 Ticks: 332 (0:00:00:05.179) Context Switch Count 719 IdealProcessor: 0 UserTime 00:00:00.249 KernelTime 00:00:00.046 Win32 Start Address 0x000007feec5626d0 Stack Init fffff8801650add0 Current fffff8801650a0f0 Base fffff8801650b000 Limit fffff88016505000 Call 0 Priority 8 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1650a130 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1650a270 fffff802`b3b29c1f : 00000000`00000001 00000000`00000000 00000000`00000000 fffff8a0`0686a110 : nt!KiCommitThreadWait+0x23c fffff880`1650a330 fffff802`b3b2943e : fffffa80`0393fc90 00000000`00000006 fffff8a0`0218f501 fffff802`b3f5bb00 : nt!KeWaitForSingleObject+0x1cf fffff880`1650a3c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`1650a540 fffff880`1650ab10 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`1650a470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`1650a980 fffff802`b3b02d53 : fffffa80`03f1fb00 00000042`45c2ac68 fffff880`1650abe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1650abd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1650ac40) 00000042`45c2ac48 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003b03080 Cid 0270.08ec Teb: 000007f79c2f2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f8be90 NotificationEvent fffffa8003882380 NotificationEvent fffffa8003ee2c50 NotificationEvent IRP List: fffffa80018ad010: (0006,03e8) Flags: 00060800 Mdl: fffffa8004144300 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740132 Ticks: 996 (0:00:00:15.537) Context Switch Count 11133 IdealProcessor: 0 UserTime 00:00:00.499 KernelTime 00:00:00.499 Win32 Start Address 0x000007feec55cc48 Stack Init fffff88016511dd0 Current fffff88016511180 Base fffff88016512000 Limit fffff8801650c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`165111c0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`16511300 fffff802`b3b293cd : 00000000`00000000 fffff802`b3cf813e 00000000`00000000 fffffa80`03b03180 : nt!KiCommitThreadWait+0x23c fffff880`165113c0 fffff802`b3eca2ac : fffff680`00000003 fffff880`16511540 fffffa80`03ee2c50 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16511470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 fffffa80`018ad010 : nt!ObWaitForMultipleObjects+0x29c fffff880`16511980 fffff802`b3b02d53 : fffffa80`03b03080 00000042`45cedac8 fffff880`16511be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16511bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16511c40) 00000042`45cedaa8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001df9900 Cid 0270.0778 Teb: 000007f79c2f0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8001c40640 NotificationEvent IRP List: fffffa800261ed40: (0006,01f0) Flags: 00060900 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740879 Ticks: 249 (0:00:00:03.884) Context Switch Count 337 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.000 Win32 Start Address 0x000007feec7619e0 Stack Init fffff880165ffdd0 Current fffff880165ff900 Base fffff88016600000 Limit fffff880165fa000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`165ff940 fffff802`b3b2d99c : ffff7cad`00000001 00000000`00000000 fffff880`00000000 fffff802`b3ae988f : nt!KiSwapContext+0x76 fffff880`165ffa80 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`165ffb40 fffff802`b3ec9df6 : fffffa80`01c40640 00000000`00000006 00000000`00000001 000007fe`ec6df700 : nt!KeWaitForSingleObject+0x1cf fffff880`165ffbd0 fffff802`b3b02d53 : fffffa80`01df9900 00000000`ffffffff 00000000`00000000 fffffa80`01c40640 : nt!NtWaitForSingleObject+0xb6 fffff880`165ffc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165ffc40) 00000042`45d9f788 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa80038857c0 Cid 0270.0ee8 Teb: 000007f79c423000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037a1680 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15708736 Ticks: 32392 (0:00:08:25.318) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015887dd0 Current fffff88015887760 Base fffff88015888000 Limit fffff88015882000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`158877a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000230 : nt!KiSwapContext+0x76 fffff880`158878e0 fffff802`b3b38ddb : 00000000`00000960 fffff802`b3e8eae7 00000000`00000000 fffff880`15887a10 : nt!KiCommitThreadWait+0x23c fffff880`158879a0 fffff802`b3ed0b6c : fffffa80`037a1680 fffffa80`03885701 00000000`00000001 00000042`45aafb00 : nt!KeRemoveQueueEx+0x26b fffff880`15887a50 fffff802`b3b434d5 : fffffa80`037a1680 00000042`454bc750 fffff880`15887b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15887ae0 fffff802`b3b02d53 : 00000000`00000118 00000042`454bc750 fffff880`00000010 00000042`45aafbb0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15887c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15887c40) 00000042`45aafb58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8001c4b080 SessionId: 0 Cid: 0ba8 Peb: 7f765435000 ParentCid: 0220 DirBase: 3c709000 ObjectTable: fffff8a000643200 HandleCount: Image: wmpnetwk.exe THREAD fffffa80018a6080 Cid 0ba8.03f8 Teb: 000007f76543e000 Win32Thread: fffff901006ef290 WAIT: (UserRequest) UserMode Non-Alertable fffffa80033e5220 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 147 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.046 Win32 Start Address 0x000007f765e6d170 Stack Init fffff88015ecadd0 Current fffff88015eca900 Base fffff88015ecb000 Limit fffff88015ec5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15eca940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`039a6e40 00000072`b7afd9e0 : nt!KiSwapContext+0x76 fffff880`15ecaa80 fffff802`b3b29c1f : fffff880`15ecab70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`15ecab40 fffff802`b3ec9df6 : fffffa80`033e5220 fffff880`00000006 00000000`00000001 00000072`b7afd400 : nt!KeWaitForSingleObject+0x1cf fffff880`15ecabd0 fffff802`b3b02d53 : fffffa80`018a6080 00000000`ffffffff 00000000`00000000 fffffa80`033e5220 : nt!NtWaitForSingleObject+0xb6 fffff880`15ecac40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15ecac40) 00000072`b79ff018 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001c8e680 Cid 0ba8.0820 Teb: 000007f765438000 Win32Thread: fffff901006f5010 WAIT: (UserRequest) UserMode Alertable fffffa8001d4b860 SynchronizationEvent fffffa8001ca5130 SynchronizationEvent fffffa8001d4d740 NotificationEvent fffffa8003818f20 SynchronizationEvent fffffa8003ea24e0 SynchronizationEvent fffffa8003e03140 SynchronizationEvent fffffa8001c09420 SynchronizationEvent fffffa8003ea2460 SynchronizationEvent fffffa8003863310 SynchronizationEvent IRP List: fffffa8003704c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15682130 Ticks: 58998 (0:00:15:20.374) Context Switch Count 727 IdealProcessor: 0 UserTime 00:00:00.140 KernelTime 00:00:00.062 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88016565dd0 Current fffff88016565180 Base fffff88016566000 Limit fffff88016560000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`165651c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`16565300 fffff802`b3b293cd : fffff880`16565698 00000000`00000000 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`165653c0 fffff802`b3eca2ac : fffff880`00000009 fffff880`16565540 fffffa80`03863310 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16565470 fffff802`b3eca723 : 00000000`00000009 00000000`00000001 fffff880`165659b0 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`16565980 fffff802`b3b02d53 : fffffa80`01c8e680 00000072`b858f378 fffff880`16565be8 00000072`b858f3a0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16565bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16565c40) 00000072`b858f358 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001ca1b00 Cid 0ba8.05f4 Teb: 000007f76530e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c0ad30 SynchronizationEvent fffffa8001c0acb0 SynchronizationEvent fffffa8003982ce0 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 27465 Ticks: 15713663 (2:20:05:34.713) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f765de565c Stack Init fffff880154e1dd0 Current fffff880154e1180 Base fffff880154e2000 Limit fffff880154dc000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cd9800 Cid 0ba8.07f4 Teb: 000007f76530c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c11c50 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 27466 Ticks: 15713662 (2:20:05:34.698) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f765e1e828 Stack Init fffff88015478dd0 Current fffff88015478900 Base fffff88015479000 Limit fffff88015473000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c55b00 Cid 0ba8.033c Teb: 000007f76530a000 Win32Thread: fffff901006f2710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bf3db0 SynchronizationEvent fffffa8003bdea28 NotificationEvent fffffa8003db1798 NotificationEvent IRP List: fffffa80018cac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15682395 Ticks: 58733 (0:00:15:16.240) Context Switch Count 818 IdealProcessor: 0 UserTime 00:00:00.655 KernelTime 00:00:00.468 Win32 Start Address 0x000007f765e1f45c Stack Init fffff880154e8dd0 Current fffff880154e8180 Base fffff880154e9000 Limit fffff880154e3000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`154e81c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`04141010 00000000`c0000034 : nt!KiSwapContext+0x76 fffff880`154e8300 fffff802`b3b293cd : fffffa80`02111f20 00000001`02111f20 00000000`00000000 fffffa80`0276ba20 : nt!KiCommitThreadWait+0x23c fffff880`154e83c0 fffff802`b3eca2ac : fffffa80`00000003 fffff880`154e8540 fffffa80`03db1798 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`154e8470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 00000000`00000001 : nt!ObWaitForMultipleObjects+0x29c fffff880`154e8980 fffff802`b3b02d53 : fffffa80`01c55b00 00000072`b890f4b8 fffff880`154e8be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`154e8bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154e8c40) 00000072`b890f498 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001cc3080 Cid 0ba8.055c Teb: 000007f765306000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8001c89ac0 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 28059 Ticks: 15713069 (2:20:05:25.447) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015f2cdd0 Current fffff88015f2c7a0 Base fffff88015f2d000 Limit fffff88015f27000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cc3700 Cid 0ba8.05dc Teb: 000007f765304000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001c89a00 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 28062 Ticks: 15713066 (2:20:05:25.400) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015045dd0 Current fffff88015045760 Base fffff88015046000 Limit fffff88015040000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c73b00 Cid 0ba8.06b0 Teb: 000007f765302000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c85e10 NotificationEvent fffffa8001c85e90 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15683120 Ticks: 58008 (0:00:15:04.930) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f765e3d394 Stack Init fffff88015f4fdd0 Current fffff88015f4f180 Base fffff88015f50000 Limit fffff88015f4a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15f4f1c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15f4f300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15f4f3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15f4f540 fffffa80`01c85e90 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15f4f470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff683`fbb29818 : nt!ObWaitForMultipleObjects+0x29c fffff880`15f4f980 fffff802`b3b02d53 : fffffa80`01c73b00 00000072`b8dafa28 fffff880`15f4fbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15f4fbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f4fc40) 00000072`b8dafa08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001d7f080 Cid 0ba8.0ad4 Teb: 000007f7652fa000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d81460 NotificationEvent fffffa8001c6e960 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15740879 Ticks: 249 (0:00:00:03.884) Context Switch Count 397 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feec7718e8 Stack Init fffff88016334dd0 Current fffff88016334180 Base fffff88016335000 Limit fffff8801632f000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`163341c0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`16334300 fffff802`b3b293cd : 00000000`00000016 fffff802`b3a432a1 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`163343c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`16334540 fffffa80`01c6e960 fffffff6`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16334470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`015170ee : nt!ObWaitForMultipleObjects+0x29c fffff880`16334980 fffff802`b3b02d53 : fffffa80`01d7f080 00000072`b910f6a8 fffff880`16334be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16334bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16334c40) 00000072`b910f688 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800419c9c0 Cid 0ba8.03dc Teb: 000007f765308000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dc8b80 QueueObject IRP List: fffffa8001c62230: (0006,0118) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15692903 Ticks: 48225 (0:00:12:32.314) Context Switch Count 411 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170b5dd0 Current fffff880170b5760 Base fffff880170b6000 Limit fffff880170b0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`170b57a0 fffff802`b3b2d99c : fffff8a0`00000000 00000000`00000000 00000000`00000000 00000000`ffff0000 : nt!KiSwapContext+0x76 fffff880`170b58e0 fffff802`b3b38ddb : fffffa80`03874a70 fffff802`b3e8eae7 00000000`00000000 fffff880`170b5a60 : nt!KiCommitThreadWait+0x23c fffff880`170b59a0 fffff802`b3ed0b6c : fffffa80`03dc8b80 fffffa80`0419c901 00000000`00000001 00000072`b8a2f700 : nt!KeRemoveQueueEx+0x26b fffff880`170b5a50 fffff802`b3b434d5 : fffffa80`03dc8b80 00000072`b7b12d80 fffff880`170b5b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`170b5ae0 fffff802`b3b02d53 : 00000000`00000124 00000072`b7b12d80 00000072`00000010 00000072`b8a2f780 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`170b5c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170b5c40) 00000072`b8a2f728 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001df5080 Cid 0ba8.0cb8 Teb: 000007f765300000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dc8b80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15679441 Ticks: 61687 (0:00:16:02.323) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017580dd0 Current fffff88017580760 Base fffff88017581000 Limit fffff8801757b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`175807a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`175808e0 fffff802`b3b38ddb : fffffa80`03dc8b80 fffff880`009e6180 00000000`00000000 00000000`00000463 : nt!KiCommitThreadWait+0x23c fffff880`175809a0 fffff802`b3ed0b6c : fffffa80`03dc8b80 fffffa80`01df5001 00000000`00000001 00000072`b8e7f700 : nt!KeRemoveQueueEx+0x26b fffff880`17580a50 fffff802`b3b434d5 : fffffa80`03dc8b80 00000072`b9151cf0 fffff880`17580b80 fffffa80`0390d430 : nt!IoRemoveIoCompletion+0x4c fffff880`17580ae0 fffff802`b3b02d53 : 00000000`00000124 00000072`b9151cf0 00000072`00000010 00000072`b8e7f760 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17580c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17580c40) 00000072`b8e7f708 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8001d07940 SessionId: 1 Cid: 0acc Peb: 7f68f055000 ParentCid: 0ae4 DirBase: 3b81b000 ObjectTable: 00000000 HandleCount: 0. Image: explorer.exe No active threads PROCESS fffffa8001f4b940 SessionId: 2 Cid: 0a3c Peb: 7f6a5f5f000 ParentCid: 011c DirBase: 604c7000 ObjectTable: 00000000 HandleCount: 0. Image: smss.exe No active threads PROCESS fffffa80020b0080 SessionId: 2 Cid: 0cdc Peb: 7f768c3f000 ParentCid: 0a3c DirBase: 5e728000 ObjectTable: fffff8a0035fd400 HandleCount: Image: csrss.exe THREAD fffffa8001c22080 Cid 0cdc.03d8 Teb: 000007f768c3b000 Win32Thread: fffff901000bab90 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8001c22428 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a00311e770 : queued at port fffffa8003781330 : owned by process fffffa8003740540 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 136 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007fef4e21cb0 Stack Init fffff880170aedd0 Current fffff880170ae660 Base fffff880170af000 Limit fffff880170a9000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`170ae6a0 fffff802`b3b2d99c : fffffa80`03781330 00000000`00000000 ffffffff`ffffffff fffff901`003b4140 : nt!KiSwapContext+0x76 fffff880`170ae7e0 fffff802`b3b29c1f : fffffa80`0276c070 00000000`00000000 00000000`00000001 fffffa80`03781330 : nt!KiCommitThreadWait+0x23c fffff880`170ae8a0 fffff802`b3af1a0a : fffffa80`01c22428 fffffa80`00000011 ffffffff`00000001 00000000`00b7bf01 : nt!KeWaitForSingleObject+0x1cf fffff880`170ae930 fffff802`b3ebbbd6 : 00000000`00000000 fffffa80`01c22428 00000000`00000001 00000000`00000000 : nt!AlpcpSignalAndWait+0x34a fffff880`170ae9e0 fffff802`b3ebb762 : fffffa80`0276c070 000007fe`f4e38200 00000000`00000000 000007fe`00000001 : nt!AlpcpReceiveSynchronousReply+0x46 fffff880`170aea40 fffff802`b3ec19c2 : fffffa80`0276c070 00000000`00020000 000007fe`f4e38200 00000000`00000000 : nt!AlpcpProcessSynchronousRequest+0x350 fffff880`170aeb20 fffff802`b3b02d53 : fffffa80`01c22080 fffff880`170aecc0 fffff880`170aebe8 00000000`00000018 : nt!NtAlpcSendWaitReceivePort+0x172 fffff880`170aebd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170aec40) 0000005c`8d04fb98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa8002126b00 Cid 0cdc.0a20 Teb: 000007f768c39000 Win32Thread: fffff90100661b90 WAIT: (UserRequest) UserMode Alertable fffffa80018936a0 SynchronizationEvent fffffa8001fb3fe0 SynchronizationEvent fffffa80033e2ee0 SynchronizationEvent fffffa80033ee280 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15680790 Ticks: 60338 (0:00:15:41.278) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.358 Win32 Start Address 0x000007fef4e21630 Stack Init fffff880165a6dd0 Current fffff880165a6180 Base fffff880165a7000 Limit fffff880165a1000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`165a61c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`165a6300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`165a63c0 fffff802`b3eca2ac : fffffa80`00000004 fffff880`165a6540 fffffa80`033ee280 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`165a6470 fffff802`b3eca723 : 00000000`00000004 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`165a6980 fffff802`b3b02d53 : fffffa80`02126b00 0000005c`8d08f9c8 fffff880`165a6be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`165a6bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165a6c40) 0000005c`8d08f9a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001f57080 Cid 0cdc.0a04 Teb: 000007f768c35000 Win32Thread: fffff901000b7220 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8001f57428 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741024 Ticks: 104 (0:00:00:01.622) Context Switch Count 328 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.093 Win32 Start Address 0x000007fef4e84a3c Stack Init fffff88017045dd0 Current fffff88017045750 Base fffff88017046000 Limit fffff88017040000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`17045790 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`170458d0 fffff802`b3b29c1f : 00000000`00000a30 00000000`00010000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`17045990 fffff802`b3ee4c70 : fffffa80`01f57428 fffff802`00000010 fffff8a0`018fd201 fffff802`b3ec9700 : nt!KeWaitForSingleObject+0x1cf fffff880`17045a20 fffff802`b3eb9bd4 : 00000000`60000000 000007f7`68c35001 00000000`00000000 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`17045a90 fffff802`b3ec1949 : fffffa80`0209c090 00000000`00000000 fffffa80`0209c090 00000000`00000000 : nt!AlpcpReceiveMessage+0x2e2 fffff880`17045b20 fffff802`b3b02d53 : fffffa80`01f57080 fffff880`17045cc0 fffff880`17045be8 00000000`00000000 : nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`17045bd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17045c40) 0000005c`8d12f4e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa80021a5b00 Cid 0cdc.0a84 Teb: 000007f768c33000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80021a5ea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 65253 Ticks: 15675875 (2:19:55:45.217) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4e83d10 Stack Init fffff880165addd0 Current fffff880165ad7a0 Base fffff880165ae000 Limit fffff880165a8000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`165ad7e0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff157`9051604b fffff802`b3b74198 : nt!KiSwapContext+0x76 fffff880`165ad920 fffff802`b3b29c1f : 00000000`00000000 00000000`00000002 00000000`00000000 00000000`00001000 : nt!KiCommitThreadWait+0x23c fffff880`165ad9e0 fffff802`b3ee4c70 : fffffa80`021a5ea8 00000008`00000010 fffffa80`0209c501 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`165ada70 fffff802`b3ef350d : 0000005c`8d16f660 fffff8a0`00000001 fffff880`165adc00 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`165adae0 fffff802`b3ef334b : fffffa80`0203c320 0000005c`8d16f660 00000000`00000000 fffff8a0`02ccb9b0 : nt!AlpcpReceiveLegacyMessage+0x11c fffff880`165adb70 fffff802`b3ef31f3 : fffffa80`021a5b00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReplyWaitReceivePortEx+0xca fffff880`165adc00 fffff802`b3b02d53 : 00000000`00000001 0000005c`8d170000 00000000`00000001 fffffa80`02112b00 : nt!NtReplyWaitReceivePort+0xf fffff880`165adc40 000007fe`f7ec2c9a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165adc40) 0000005c`8d16f608 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtReplyWaitReceivePort+0xa THREAD fffffa800207fb00 Cid 0cdc.0e6c Teb: 000007f768c3d000 Win32Thread: fffff90100755680 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa800207fea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741089 Ticks: 39 (0:00:00:00.608) Context Switch Count 343 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.046 Win32 Start Address 0x000007fef4e84a3c Stack Init fffff880171e7dd0 Current fffff880171e7750 Base fffff880171e8000 Limit fffff880171e2000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`171e7790 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffffa80`00000000 00000000`61436d4d : nt!KiSwapContext+0x76 fffff880`171e78d0 fffff802`b3b29c1f : fffff8a0`0204cd40 000007f7`68c3d000 00000000`00000000 00000000`74636553 : nt!KiCommitThreadWait+0x23c fffff880`171e7990 fffff802`b3ee4c70 : fffffa80`0207fea8 fffff802`00000010 fffff8a0`00a77b01 fffff802`b3ec9700 : nt!KeWaitForSingleObject+0x1cf fffff880`171e7a20 fffff802`b3eb9bd4 : 00000000`60000000 000007f7`68c3d001 00000000`00000000 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`171e7a90 fffff802`b3ec1949 : fffffa80`0209c090 00000000`00000000 fffffa80`0209c090 00000000`00000000 : nt!AlpcpReceiveMessage+0x2e2 fffff880`171e7b20 fffff802`b3b02d53 : fffffa80`0207fb00 fffff880`171e7cc0 fffff880`171e7be8 00000000`ffffffff : nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`171e7bd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171e7c40) 0000005c`8d5cf4b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa80021ca080 Cid 0cdc.0868 Teb: 000007f768b0e000 Win32Thread: fffff901001a9b90 WAIT: (WrUserRequest) KernelMode Alertable fffffa80020e4cb0 SynchronizationEvent fffffa8001e4ea00 NotificationTimer fffffa8003de3c00 SynchronizationTimer fffffa8001990080 SynchronizationEvent IRP List: fffffa800267c6a0: (0006,0478) Flags: 00060970 Mdl: 00000000 fffffa80021bdc10: (0006,03e8) Flags: 00060900 Mdl: fffffa8002c89a60 fffffa8002137c10: (0006,03e8) Flags: 00060900 Mdl: fffffa8003e0b1a0 fffffa8001ed1b40: (0006,04c0) Flags: 00060900 Mdl: fffffa80037d1010 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 47974 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.577 Win32 Start Address 0x000007fef4e22bd0 Stack Init fffff8801718edd0 Current fffff8801718e810 Base fffff8801718f000 Limit fffff88017189000 Call 0 Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1718e850 fffff802`b3b2d99c : fffff901`00000001 00000000`00000000 00000000`00000001 fffffa80`0263eea0 : nt!KiSwapContext+0x76 fffff880`1718e990 fffff802`b3b293cd : fffff960`00411402 fffff960`00411500 00000000`00000000 fffff960`0020e7c3 : nt!KiCommitThreadWait+0x23c fffff880`1718ea50 fffff960`00152571 : 00000000`00000004 fffffa80`01e34230 00000000`00000003 00000000`0000000d : nt!KeWaitForMultipleObjects+0x25d fffff880`1718eb00 fffff960`001902d0 : 00000000`00000010 00000000`00000004 ffffffff`800006c0 fffffa80`01990080 : win32k!RawInputThread+0x695 fffff880`1718ebe0 fffff960`001376ff : 00000000`00000002 fffff880`1706f200 fffff880`1718ecc0 00000000`00000000 : win32k!xxxCreateSystemThreads+0x48 fffff880`1718ec10 fffff802`b3b02d53 : 00000000`00000006 00000000`00000020 000007f7`68b0e000 fffffa80`021ca080 : win32k!NtUserCallNoParam+0x17f fffff880`1718ec40 000007fe`f4e2180a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1718ec40) 0000005c`8d60fa98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fe`f4e2180a THREAD fffffa800419ab00 Cid 0cdc.0bfc Teb: 000007f768b0c000 Win32Thread: fffff901001af850 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8002dd7320 SynchronizationEvent fffffa8003f11640 SynchronizationEvent fffffa80020fc060 SynchronizationEvent IRP List: fffffa8003f3dab0: (0006,0550) Flags: 00060970 Mdl: 00000000 fffffa8002599b80: (0006,0478) Flags: 00060970 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 45172 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:01.965 Win32 Start Address 0x000007fef4e22bd0 Stack Init fffff88017318dd0 Current fffff880173187e0 Base fffff88017319000 Limit fffff88017313000 Call 0 Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`17318820 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff960`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`17318960 fffff802`b3b293cd : fffffa80`0200d768 00000000`00000001 00000000`00000000 fffffa80`0200d760 : nt!KiCommitThreadWait+0x23c fffff880`17318a20 fffff960`000f6d4b : fffff901`00000003 fffffa80`04001720 fffff901`001af850 00000000`0000000d : nt!KeWaitForMultipleObjects+0x25d fffff880`17318ad0 fffff960`000f6fe6 : 00000000`00000000 00000000`00000001 fffff960`0040ec00 fffffa80`04001720 : win32k!xxxDesktopThreadWaiter+0x107 fffff880`17318b50 fffff960`001902e0 : 00000000`00000001 00000000`0000000c fffff960`001e21f0 fffff901`001af6b0 : win32k!xxxDesktopThread+0x1e6 fffff880`17318be0 fffff960`001376ff : 00000000`00000001 fffff960`0040ec00 fffff880`17318cc0 00000000`00000000 : win32k!xxxCreateSystemThreads+0x58 fffff880`17318c10 fffff802`b3b02d53 : 00000000`00000006 00000000`00000020 000007f7`68b0c000 fffffa80`0419ab00 : win32k!NtUserCallNoParam+0x17f fffff880`17318c40 000007fe`f4e2180a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17318c40) 0000005c`8d64f878 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fe`f4e2180a THREAD fffffa80041b2b00 Cid 0cdc.0e94 Teb: 000007f768b0a000 Win32Thread: fffff901000ec4d0 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80041b2ea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740890 Ticks: 238 (0:00:00:03.712) Context Switch Count 299 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.046 Win32 Start Address 0x000007fef4e84a3c Stack Init fffff88017378dd0 Current fffff88017378750 Base fffff88017379000 Limit fffff88017373000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`17378790 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 fffffa80`02105680 : nt!KiSwapContext+0x76 fffff880`173788d0 fffff802`b3b29c1f : 00000000`fffefffd fffffa80`02494e40 00000000`00000000 fffff802`b3ebb316 : nt!KiCommitThreadWait+0x23c fffff880`17378990 fffff802`b3ee4c70 : fffffa80`041b2ea8 fffff802`00000010 fffff8a0`02635a01 fffff802`b3ec9700 : nt!KeWaitForSingleObject+0x1cf fffff880`17378a20 fffff802`b3eb9bd4 : 00000000`60000000 000007f7`68b0a001 00000000`00000000 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`17378a90 fffff802`b3ec1949 : fffffa80`0209c090 00000000`00000000 fffffa80`0209c090 00000000`00000000 : nt!AlpcpReceiveMessage+0x2e2 fffff880`17378b20 fffff802`b3b02d53 : fffffa80`041b2b00 fffff880`17378cc0 fffff880`17378be8 fffff6fb`7da00b90 : nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`17378bd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17378c40) 0000005c`8ebcfb08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa8003625080 Cid 0cdc.0344 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff8801503eb90 NotificationTimer fffffa8003db3180 SynchronizationEvent fffffa8003dd9820 SynchronizationEvent fffffa8002c46b60 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015) Context Switch Count 15913 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.530 Win32 Start Address cdd!PresentWorkerThread (0xfffff960008a95e8) Stack Init fffff8801503edd0 Current fffff8801503e820 Base fffff8801503f000 Limit fffff88015039000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1503e860 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000001 842d509e`79aa0000 : nt!KiSwapContext+0x76 fffff880`1503e9a0 fffff802`b3b293cd : 00000000`00000002 00000000`0cddba5e 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1503ea60 fffff960`008a99ee : ffffffff`00000004 fffff880`1503eb68 ffffffff`fffd8178 fffffa80`00000000 : nt!KeWaitForMultipleObjects+0x25d fffff880`1503eb10 fffff802`b3aab535 : fffffa80`026471b0 fffffa80`03625080 fffff901`000d1020 fffff802`b3dd9880 : cdd!PresentWorkerThread+0x406 fffff880`1503ed50 fffff802`b3ae9e16 : fffff802`b3d7f180 fffffa80`03625080 fffff802`b3dd9880 fffffa80`020b0080 : nt!PspSystemThreadStartup+0x59 fffff880`1503eda0 00000000`00000000 : fffff880`1503f000 fffff880`15039000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16 THREAD fffffa80033cc080 Cid 0cdc.0d0c Teb: 000007f768b08000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80033cc428 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 65556 Ticks: 15675572 (2:19:55:40.490) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4e21910 Stack Init fffff88017267dd0 Current fffff88017267750 Base fffff88017268000 Limit fffff88017262000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`17267790 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`172678d0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`17267990 fffff802`b3ee4c70 : fffffa80`033cc428 00000000`00000010 00000000`00000001 fffff802`b3ec9900 : nt!KeWaitForSingleObject+0x1cf fffff880`17267a20 fffff802`b3eb9bd4 : 00000000`00000000 00000000`00002001 00000000`00000000 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`17267a90 fffff802`b3ec1949 : fffffa80`033c8500 00000000`00000000 fffffa80`033c8500 00000000`00000000 : nt!AlpcpReceiveMessage+0x2e2 fffff880`17267b20 fffff802`b3b02d53 : fffffa80`033cc080 fffff880`17267cc0 fffff880`17267be8 00000000`00000000 : nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`17267bd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17267c40) 0000005c`8f68f848 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa PROCESS fffffa800417d940 SessionId: 2 Cid: 0a28 Peb: 7f66fc54000 ParentCid: 0a3c DirBase: 6d36d000 ObjectTable: fffff8a00192a600 HandleCount: Image: winlogon.exe THREAD fffffa8002112b00 Cid 0a28.0520 Teb: 000007f66fc5e000 Win32Thread: fffff901000b8360 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003fcb740 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800417d940 Image: winlogon.exe Attached Process N/A Image: N/A Wait Start TickCount 15681145 Ticks: 59983 (0:00:15:35.740) Context Switch Count 375 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.327 Win32 Start Address 0x000007f670437010 Stack Init fffff8801706fdd0 Current fffff8801706f900 Base fffff88017070000 Limit fffff8801706a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1706f940 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 ffff7cad`00000000 fffff802`b3ec9d35 : nt!KiSwapContext+0x76 fffff880`1706fa80 fffff802`b3b29c1f : 00000000`fffc0401 fffff802`b3af9959 00000000`00000000 00000004`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1706fb40 fffff802`b3ec9df6 : fffffa80`03fcb740 fffffa80`00000006 00000000`00000001 fffff802`b3ed0e00 : nt!KeWaitForSingleObject+0x1cf fffff880`1706fbd0 fffff802`b3b02d53 : fffffa80`02112b00 00000000`ffffffff 00000000`00000000 fffffa80`03fcb740 : nt!NtWaitForSingleObject+0xb6 fffff880`1706fc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1706fc40) 00000059`6b71f638 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001f2bb00 Cid 0a28.0d98 Teb: 000007f66fc5a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003013100 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800417d940 Image: winlogon.exe Attached Process N/A Image: N/A Wait Start TickCount 65543 Ticks: 15675585 (2:19:55:40.693) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017241dd0 Current fffff88017241760 Base fffff88017242000 Limit fffff8801723c000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`172417a0 fffff802`b3b2d99c : 00000059`6bd3f502 00000000`00000000 fffffa80`01f2bb00 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`172418e0 fffff802`b3b38ddb : fffff8a0`03125770 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`172419a0 fffff802`b3ed0b6c : fffffa80`03013100 fffffa80`01f2bb01 00000000`00000001 00000059`6bd3f700 : nt!KeRemoveQueueEx+0x26b fffff880`17241a50 fffff802`b3b434d5 : fffffa80`03013100 00000059`6b7374e0 fffff880`17241b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`17241ae0 fffff802`b3b02d53 : 00000000`00000060 00000059`6b7374e0 00000059`00000010 00000059`6bd3f7d0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17241c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17241c40) 00000059`6bd3f778 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001c20b00 Cid 0a28.0bcc Teb: 000007f66fb2e000 Win32Thread: fffff901000eeb90 WAIT: (WrQueue) UserMode Alertable fffffa8003977b80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800417d940 Image: winlogon.exe Attached Process N/A Image: N/A Wait Start TickCount 15680821 Ticks: 60307 (0:00:15:40.795) Context Switch Count 134 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801737fdd0 Current fffff8801737f760 Base fffff88017380000 Limit fffff8801737a000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1737f7a0 fffff802`b3b2d99c : fffff880`1737fc20 00000000`00000000 fffffa80`01812d80 fffffa80`0183df40 : nt!KiSwapContext+0x76 fffff880`1737f8e0 fffff802`b3b38ddb : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1737f9a0 fffff802`b3ed0b6c : fffffa80`03977b80 fffffa80`01c20b01 00000000`00000001 00000059`6bfbf700 : nt!KeRemoveQueueEx+0x26b fffff880`1737fa50 fffff802`b3b434d5 : fffffa80`03977b80 00000059`6b74e460 fffff880`1737fb80 fffffa80`01843f01 : nt!IoRemoveIoCompletion+0x4c fffff880`1737fae0 fffff802`b3b02d53 : 00000000`0000011c 00000059`6b74e460 fffff880`00000010 00000059`6bfbf700 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1737fc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1737fc40) 00000059`6bfbf6a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8001f413c0 SessionId: 2 Cid: 0dac Peb: 7f7df883000 ParentCid: 0a28 DirBase: 38e80000 ObjectTable: 00000000 HandleCount: 0. Image: LogonUI.exe No active threads PROCESS fffffa8002109940 SessionId: 2 Cid: 06f8 Peb: 7f7f6aa3000 ParentCid: 0a28 DirBase: 6f209000 ObjectTable: fffff8a001ea0e40 HandleCount: Image: dwm.exe THREAD fffffa80020c9b00 Cid 06f8.06c4 Teb: 000007f7f6aae000 Win32Thread: fffff90100668710 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040a7c60 SynchronizationEvent fffffa800413ac40 SynchronizationEvent fffffa80038b18c0 SynchronizationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15686357 Ticks: 54771 (0:00:14:14.433) Context Switch Count 116 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address 0x000007f7f6f45de0 Stack Init fffff88017363dd0 Current fffff88017363180 Base fffff88017364000 Limit fffff8801735e000 Call 0 Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`173631c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 fffff960`0018cfc4 : nt!KiSwapContext+0x76 fffff880`17363300 fffff802`b3b293cd : 00000000`00000000 fffff880`17363dd0 00000000`00000000 fffff802`b3b2a825 : nt!KiCommitThreadWait+0x23c fffff880`173633c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`17363540 fffffa80`038b18c0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17363470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 fffff802`b3d7f180 : nt!ObWaitForMultipleObjects+0x29c fffff880`17363980 fffff802`b3b02d53 : fffffa80`020c9b00 000000cd`5473f698 fffff880`17363be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17363bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17363c40) 000000cd`5473f678 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001db2740 Cid 06f8.00c4 Teb: 000007f7f6aaa000 Win32Thread: fffff90100664b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002761a30 Semaphore Limit 0x7fffffff fffffa80031ab3c0 SynchronizationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 17216 IdealProcessor: 0 UserTime 00:00:00.249 KernelTime 00:00:00.327 Win32 Start Address 0x000007f7f6f44380 Stack Init fffff8801705add0 Current fffff8801705a180 Base fffff8801705b000 Limit fffff88017055000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1705a1c0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 ffff7cad`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1705a300 fffff802`b3b293cd : fffff880`1705a4d8 fffffffc`fffffffc 00000000`00000000 fffffffc`fffffffc : nt!KiCommitThreadWait+0x23c fffff880`1705a3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1705a540 fffffa80`031ab3c0 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1705a470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`1705a9b0 fffff901`04292000 : nt!ObWaitForMultipleObjects+0x29c fffff880`1705a980 fffff802`b3b02d53 : fffffa80`01db2740 000000cd`56fbf698 fffff880`1705abe8 000000cd`56fbf6c0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1705abd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1705ac40) 000000cd`56fbf678 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001e3f680 Cid 06f8.0f30 Teb: 000007f7f6aa4000 Win32Thread: fffff9010060bb90 WAIT: (UserRequest) KernelMode Alertable fffffa8003ed20f0 NotificationEvent fffffa8003feafe0 NotificationEvent fffffa8003896670 NotificationEvent fffffa8002670e60 NotificationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15741122 Ticks: 6 (0:00:00:00.093) Context Switch Count 8229 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.109 Win32 Start Address 0x000007fef2c98060 Stack Init fffff88016431dd0 Current fffff88016430ce0 Base fffff88016432000 Limit fffff8801642c000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`16430d20 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 fffff880`16431150 : nt!KiSwapContext+0x76 fffff880`16430e60 fffff802`b3b293cd : 00000000`00000021 fffffa80`03f7f6f0 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`16430f20 fffff802`b3eca2ac : 00000000`00000004 fffff880`164310a0 fffffa80`02670e60 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16430fd0 fffff802`b3eca723 : 00000000`00000004 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`164314e0 fffff802`b3b02d53 : fffffa80`01e3f680 fffff880`16431958 fffff880`16431748 fffff880`16431bd0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16431730 fffff802`b3b07f30 : fffff960`001b541e 00000000`00000001 00000000`00000000 ffffffff`ffffffff : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164317a0) fffff880`16431938 fffff960`001b541e : 00000000`00000001 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : nt!KiServiceLinkage fffff880`16431940 fffff960`001dbe5b : 00000000`00000002 00000000`00000002 00000000`00000002 00000000`00000124 : win32k!CTokenManager::ProcessTokens+0x13f fffff880`16431a40 fffff960`001daff6 : 00000000`00000000 00000000`00000000 00000000`00000058 00000000`00000000 : win32k!CTokenManager::TokenThread+0xf7 fffff880`16431b40 fffff802`b3b02d53 : fffffa80`01e3f680 000000cd`54861bc0 00000000`00000020 fffffa80`03388980 : win32k!NtTokenManagerThread+0xae fffff880`16431c40 000007fe`f29d159a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16431c40) 000000cd`5713f898 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fe`f29d159a THREAD fffffa8001cc4b00 Cid 06f8.0960 Teb: 000007f7f6aa8000 Win32Thread: fffff9010060cb90 WAIT: (UserRequest) KernelMode Non-Alertable fffffa8003fe6318 NotificationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 14600 IdealProcessor: 0 UserTime 00:00:05.725 KernelTime 00:00:02.652 Win32 Start Address 0x000007fef2c969b0 Stack Init fffff88016423dd0 Current fffff88016423600 Base fffff88016424000 Limit fffff8801641e000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`16423640 fffff802`b3b2d99c : ffff5549`35ae3046 00000000`00000000 00000000`00000000 fffff8a0`06831ce0 : nt!KiSwapContext+0x76 fffff880`16423780 fffff802`b3b29c1f : 00000000`00000000 00000000`00000001 00000000`00000000 fffffa80`01899400 : nt!KiCommitThreadWait+0x23c fffff880`16423840 fffff880`03454dca : fffffa80`03fe6318 fffff880`00000006 fffffa80`03f7fd00 fffff8a0`01531000 : nt!KeWaitForSingleObject+0x1cf fffff880`164238d0 fffff880`034533d0 : 00000000`00000000 fffff802`b3ed0f0e 00000000`00000000 000000cd`5484f3f0 : dxgkrnl!DxgkWaitForVerticalBlankEventInternal+0x4ea fffff880`16423bf0 fffff802`b3b02d53 : fffffa80`01cc4b00 fffffa80`040e89b0 fffffa80`00000000 fffffa80`040e89b0 : dxgkrnl!DxgkWaitForVerticalBlankEvent+0x90 fffff880`16423c40 000007fe`f581110a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16423c40) 000000cd`5703f628 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : GDI32!NtGdiDdDDIWaitForVerticalBlankEvent+0xa THREAD fffffa8001d01080 Cid 06f8.0d08 Teb: 000007f7f6aa6000 Win32Thread: fffff901001fa830 WAIT: (UserRequest) UserMode Alertable fffffa8002dfc460 SynchronizationEvent Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15730707 Ticks: 10421 (0:00:02:42.568) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feeff5e3d0 Stack Init fffff8801627edd0 Current fffff8801627e0f0 Base fffff8801627f000 Limit fffff88016279000 Call 0 Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1627e130 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1627e270 fffff802`b3b29c1f : 00000000`0000005b 00000000`0000005b 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1627e330 fffff802`b3b2943e : fffffa80`02dfc460 00000000`00000006 00000000`00000001 fffff802`b3f5bb00 : nt!KeWaitForSingleObject+0x1cf fffff880`1627e3c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`1627e540 fffffa80`02dfc460 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`1627e470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff880`0340f210 : nt!ObWaitForMultipleObjects+0x29c fffff880`1627e980 fffff802`b3b02d53 : fffffa80`01d01080 000000cd`570bf7c8 fffff880`1627ebe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1627ebd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1627ec40) 000000cd`570bf7a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003e75680 Cid 06f8.0600 Teb: 000007f7f697c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001dde1c0 QueueObject Not impersonating DeviceMap fffff8a001f34aa0 Owning Process fffffa8002109940 Image: dwm.exe Attached Process N/A Image: N/A Wait Start TickCount 15698397 Ticks: 42731 (0:00:11:06.607) Context Switch Count 76 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170dfdd0 Current fffff880170df760 Base fffff880170e0000 Limit fffff880170da000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`170df7a0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff880`00000001 fffff802`b3b2a825 : nt!KiSwapContext+0x76 fffff880`170df8e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`170df9a0 fffff802`b3ed0b6c : fffffa80`01dde1c0 fffffa80`03e75601 00000000`00000001 000000cd`58aff900 : nt!KeRemoveQueueEx+0x26b fffff880`170dfa50 fffff802`b3b434d5 : fffffa80`01dde1c0 000000cd`57eee970 fffff880`170dfb80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`170dfae0 fffff802`b3b02d53 : 00000000`00000228 000000cd`57eee970 fffff880`00000010 000000cd`58aff900 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`170dfc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170dfc40) 000000cd`58aff8a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8002cf71c0 SessionId: 2 Cid: 02a0 Peb: 7f7ccb0e000 ParentCid: 0220 DirBase: 0f530000 ObjectTable: fffff8a006786500 HandleCount: Image: taskhostex.exe THREAD fffffa800374a700 Cid 02a0.0980 Teb: 000007f7ccb0c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e37f20 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15680792 Ticks: 60336 (0:00:15:41.247) Context Switch Count 26 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007f7cd6a9608 Stack Init fffff880163b6dd0 Current fffff880163b6900 Base fffff880163b7000 Limit fffff880163b1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`163b6940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`01c17a30 00000010`5839c3b0 : nt!KiSwapContext+0x76 fffff880`163b6a80 fffff802`b3b29c1f : fffff880`163b6b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`163b6b40 fffff802`b3ec9df6 : fffffa80`03e37f20 fffff880`00000006 00000000`00000001 00000010`5839bd00 : nt!KeWaitForSingleObject+0x1cf fffff880`163b6bd0 fffff802`b3b02d53 : fffffa80`0374a700 00000000`ffffffff 00000000`00000000 fffffa80`03e37f20 : nt!NtWaitForSingleObject+0xb6 fffff880`163b6c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`163b6c40) 00000010`582bf998 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa80039bbb00 Cid 02a0.0f48 Teb: 000007f7ccb08000 Win32Thread: fffff901000ecb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e1b3c0 NotificationEvent fffffa8003ec84c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15687600 Ticks: 53528 (0:00:13:55.042) Context Switch Count 126 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f7cd6a458c Stack Init fffff880171aadd0 Current fffff880171aa180 Base fffff880171ab000 Limit fffff880171a5000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`171aa1c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 fffff960`0018cfc4 : nt!KiSwapContext+0x76 fffff880`171aa300 fffff802`b3b293cd : 00000001`00000000 fffffa80`017f5340 00000000`00000000 fffff880`171aa4e8 : nt!KiCommitThreadWait+0x23c fffff880`171aa3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`171aa540 fffffa80`03ec84c0 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`171aa470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`171aa980 fffff802`b3b02d53 : fffffa80`039bbb00 00000010`585efa18 fffff880`171aabe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`171aabd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171aac40) 00000010`585ef9f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80030af080 Cid 02a0.0ba0 Teb: 000007f7cc9da000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800276c5f0 NotificationEvent fffffa8003f553e0 NotificationEvent IRP List: fffffa8001c26010: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8001d7b010: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8001d4aaf0: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f8c310: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8001de9c10: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa80040dcb10: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f2fee0: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa80038bb420: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa80037cd590: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f49010: (0006,0118) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15680792 Ticks: 60336 (0:00:15:41.247) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef36325d8 Stack Init fffff8801720add0 Current fffff8801720a180 Base fffff8801720b000 Limit fffff88017205000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1720a1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1720a300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1720a3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1720a540 fffffa80`03f553e0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1720a470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`01df6300 : nt!ObWaitForMultipleObjects+0x29c fffff880`1720a980 fffff802`b3b02d53 : fffffa80`030af080 00000010`5aa5f608 fffff880`1720abe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1720abd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1720ac40) 00000010`5aa5f5e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80031e7080 Cid 02a0.074c Teb: 000007f7cc9d8000 Win32Thread: fffff9010064a710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002771140 NotificationEvent fffffa8003931250 NotificationEvent fffffa8001df6490 NotificationEvent fffffa8001c81320 NotificationEvent fffffa8001cce1e0 NotificationEvent fffffa8001ceb320 NotificationEvent fffffa8001c94570 NotificationEvent fffffa8001c5d710 NotificationEvent fffffa8001f96370 NotificationEvent fffffa8001d0f2f0 NotificationEvent fffffa8004122ee0 NotificationEvent fffffa8002df1880 NotificationEvent fffffa80032553e0 SynchronizationEvent fffffa800210fd60 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15687600 Ticks: 53528 (0:00:13:55.042) Context Switch Count 53 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef3512210 Stack Init fffff88017203dd0 Current fffff88017203180 Base fffff88017204000 Limit fffff880171fe000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`172031c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000210 : nt!KiSwapContext+0x76 fffff880`17203300 fffff802`b3b293cd : 00000000`00000000 fffffa80`01db2740 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`172033c0 fffff802`b3eca2ac : fffff880`0000000e fffff880`17203540 fffffa80`0210fd60 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17203470 fffff802`b3eca723 : 00000000`0000000e 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`17203980 fffff802`b3b02d53 : fffffa80`031e7080 00000010`5aadee98 fffff880`17203be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17203bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17203c40) 00000010`5aadee78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001cea840 Cid 02a0.0958 Teb: 000007f7ccb04000 Win32Thread: fffff90100642b90 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8001ceabe8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 797 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address MSCTF!CCtfServerPort::StaticServerThread (0x000007fef5d44c84) Stack Init fffff880171d2dd0 Current fffff880171d2750 Base fffff880171d3000 Limit fffff880171cd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`171d2790 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000010`5839fa10 : nt!KiSwapContext+0x76 fffff880`171d28d0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`171d2990 fffff802`b3ee4c70 : fffffa80`01ceabe8 fffff802`00000010 fffff8a0`016eac01 fffff802`b3ec9700 : nt!KeWaitForSingleObject+0x1cf fffff880`171d2a20 fffff802`b3eb9bd4 : 00000000`70000000 00000010`5839fa01 00000010`5839f600 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x380 fffff880`171d2a90 fffff802`b3ec1949 : fffffa80`033fa090 00000000`00000000 fffffa80`033fa090 00000000`00000000 : nt!AlpcpReceiveMessage+0x2e2 fffff880`171d2b20 fffff802`b3b02d53 : fffffa80`01cea840 fffff880`171d2cc0 fffff880`171d2be8 fffff802`b3ed0e8d : nt!NtAlpcSendWaitReceivePort+0xf9 fffff880`171d2bd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171d2c40) 00000010`59ebe688 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa800412a5c0 Cid 02a0.0d70 Teb: 000007f7cc9de000 Win32Thread: fffff90100648610 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa800385bc60 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15740914 Ticks: 214 (0:00:00:03.338) Context Switch Count 214 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef1071130 Stack Init fffff8801726edd0 Current fffff8801726e5f0 Base fffff8801726f000 Limit fffff88017269000 Call 0 Priority 12 BasePriority 10 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1726e630 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1726e770 fffff802`b3b29c1f : fffffa80`0412a5c0 fffffa80`03db4740 00000000`00000000 fffff802`b3d7f180 : nt!KiCommitThreadWait+0x23c fffff880`1726e830 fffff802`b3b2943e : fffffa80`0385bc60 00000000`0000000d 00000000`00000001 fffffa80`0200d700 : nt!KeWaitForSingleObject+0x1cf fffff880`1726e8c0 fffff960`00153e07 : 00000000`00000001 fffff880`1726e9e0 fffff802`b3d81f80 fffff802`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`1726e970 fffff960`00154765 : fffffa80`018f0000 fffff901`00640000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`1726ea40 fffff960`00152e99 : fffff880`1726ecc0 00000000`00000100 00000000`00000001 fffffa80`00000200 : win32k!xxxSleepThread+0xc5 fffff880`1726ea90 fffff960`001545f3 : fffff880`1726ebf8 00000010`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`1726ebb0 fffff802`b3b02d53 : fffffa80`0412a5c0 000007fe`f1084160 00000000`00000020 fffffa80`039003f0 : win32k!NtUserGetMessage+0x83 fffff880`1726ec40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1726ec40) 00000010`5afbfdd8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8002cfab00 Cid 02a0.00dc Teb: 000007f7cc9d6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80041a35c0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15681194 Ticks: 59934 (0:00:15:34.976) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff88017507dd0 Current fffff88017507900 Base fffff88017508000 Limit fffff88017502000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`17507940 fffff802`b3b2d99c : ffff7cad`00000001 00000000`00000000 fffff880`00000001 fffff802`b3ae988f : nt!KiSwapContext+0x76 fffff880`17507a80 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`17507b40 fffff802`b3ec9df6 : fffffa80`041a35c0 00000000`00000006 00000000`00000001 fffff6fb`7da00200 : nt!KeWaitForSingleObject+0x1cf fffff880`17507bd0 fffff802`b3b02d53 : fffffa80`02cfab00 00000000`ffffffff 00000000`00000000 fffffa80`041a35c0 : nt!NtWaitForSingleObject+0xb6 fffff880`17507c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17507c40) 00000010`5b0bfc98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003ffa900 Cid 02a0.0644 Teb: 000007f7cc9d0000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003b61500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15736636 Ticks: 4492 (0:00:01:10.075) Context Switch Count 540 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address 0x000007feef04ad20 Stack Init fffff88015f1edd0 Current fffff88015f1e7a0 Base fffff88015f1f000 Limit fffff88015f19000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15f1e7e0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15f1e920 fffff802`b3b38ddb : fffffa80`0261bf20 fffff880`009e6180 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`15f1e9e0 fffff802`b3ed0b6c : fffffa80`03b61500 00000000`00000001 00000010`645cf800 fffff880`15f1eb00 : nt!KeRemoveQueueEx+0x26b fffff880`15f1ea90 fffff802`b3eafcb5 : fffffa80`03b61500 fffff880`15f1eb88 fffff880`15f1eb80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15f1eb20 fffff802`b3b02d53 : fffffa80`03ffa900 00000010`645cf7a8 fffff880`15f1ebe8 00000010`5846a930 : nt!NtRemoveIoCompletion+0x135 fffff880`15f1ebd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f1ec40) 00000010`645cf788 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa80036d9040 Cid 02a0.0c14 Teb: 000007f7cc9dc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003888240 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15736512 Ticks: 4616 (0:00:01:12.010) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003027dd0 Current fffff88003027760 Base fffff88003028000 Limit fffff88003022000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`030277a0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff880`00000001 ffffffff`ffffffff : nt!KiSwapContext+0x76 fffff880`030278e0 fffff802`b3b38ddb : 00000000`00000000 fffff802`00000000 00000000`00000000 fffffa80`03b46fb0 : nt!KiCommitThreadWait+0x23c fffff880`030279a0 fffff802`b3ed0b6c : fffffa80`03888240 fffffa80`036d9001 00000000`00000001 00000010`6498f600 : nt!KeRemoveQueueEx+0x26b fffff880`03027a50 fffff802`b3b434d5 : fffffa80`03888240 00000010`5839f320 fffff880`03027b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`03027ae0 fffff802`b3b02d53 : 00000000`00000088 00000010`5839f320 00000000`00000010 00000010`6498f610 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03027c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03027c40) 00000010`6498f5b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002685440 Cid 02a0.0e70 Teb: 000007f7cc9d4000 Win32Thread: fffff901042861b0 WAIT: (WrQueue) UserMode Alertable fffffa8003888240 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15737277 Ticks: 3851 (0:00:01:00.075) Context Switch Count 22 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e14dd0 Current fffff88014e14760 Base fffff88014e15000 Limit fffff88014e0f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14e147a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000001 : nt!KiSwapContext+0x76 fffff880`14e148e0 fffff802`b3b38ddb : fffffa80`02cfa260 fffffa80`02685440 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`14e149a0 fffff802`b3ed0b6c : fffffa80`03888240 fffffa80`02685401 00000000`00000001 00000010`64f4f900 : nt!KeRemoveQueueEx+0x26b fffff880`14e14a50 fffff802`b3b434d5 : fffffa80`03888240 00000010`5846dc30 fffff880`14e14b80 fffff802`b3b74a30 : nt!IoRemoveIoCompletion+0x4c fffff880`14e14ae0 fffff802`b3b02d53 : 00000000`00000088 00000010`5846dc30 00000000`00000010 00000010`64f4f9c0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14e14c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e14c40) 00000010`64f4f968 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002d6f700 Cid 02a0.0da8 Teb: 000007f7cc9ce000 Win32Thread: fffff901042b3b90 WAIT: (WrQueue) UserMode Alertable fffffa8003888240 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cf71c0 Image: taskhostex.exe Attached Process N/A Image: N/A Wait Start TickCount 15740914 Ticks: 214 (0:00:00:03.338) Context Switch Count 43 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e30dd0 Current fffff88014e30760 Base fffff88014e31000 Limit fffff88014e2b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14e307a0 fffff802`b3b2d99c : fffff8a0`00000000 00000000`00000000 00000000`00000001 00000000`fffeffff : nt!KiSwapContext+0x76 fffff880`14e308e0 fffff802`b3b38ddb : 00000000`00000001 fffff802`b3e5dd97 00000000`00000000 fffff880`14e30b78 : nt!KiCommitThreadWait+0x23c fffff880`14e309a0 fffff802`b3ed0b6c : fffffa80`03888240 fffffa80`02d6f701 00000000`00000001 00000010`6504f700 : nt!KeRemoveQueueEx+0x26b fffff880`14e30a50 fffff802`b3b434d5 : fffffa80`03888240 00000010`646ed920 fffff880`14e30b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`14e30ae0 fffff802`b3b02d53 : 00000000`00000088 00000010`646ed920 00000010`00000010 00000010`6504f760 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14e30c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e30c40) 00000010`6504f708 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8003ed3600 SessionId: 2 Cid: 0d68 Peb: 7f68f17f000 ParentCid: 0824 DirBase: 40d5c000 ObjectTable: fffff8a006897040 HandleCount: Image: explorer.exe THREAD fffffa8001e3a480 Cid 0d68.0cb4 Teb: 000007f68f17d000 Win32Thread: fffff9010064ab90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003efb930 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738182 Ticks: 2946 (0:00:00:45.957) Context Switch Count 7313 IdealProcessor: 0 UserTime 00:00:00.218 KernelTime 00:00:00.249 Win32 Start Address 0x000007f68f699430 Stack Init fffff8801724fdd0 Current fffff8801724f770 Base fffff88017250000 Limit fffff8801724a000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1724f7b0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff880`000000fd fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`1724f8f0 fffff802`b3b29c1f : fffffa80`03db4700 fffff802`b3b4aac4 00000000`00000000 fffff901`0064ae58 : nt!KiCommitThreadWait+0x23c fffff880`1724f9b0 fffff802`b3b2943e : fffffa80`03efb930 fffffa80`0000000d fffffa80`03db4801 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1724fa40 fffff960`00153e07 : 00000000`00000001 fffff880`1724fb60 fffff880`1724fcc0 fffff802`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`1724faf0 fffff960`00154765 : 00000000`00d50000 fffff901`00640000 00000000`00003cff fffff802`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`1724fbc0 fffff960`001f0c6f : fffff880`1724fcc0 000007f6`8f660000 00000000`00000001 00000000`000200a4 : win32k!xxxSleepThread+0xc5 fffff880`1724fc10 fffff802`b3b02d53 : fffffa80`01e3a480 00000000`00c9a520 00000000`00000000 fffffa80`0263c940 : win32k!NtUserWaitMessage+0x40 fffff880`1724fc40 000007fe`f56c29aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1724fc40) 00000000`00c0f568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserWaitMessage+0xa THREAD fffffa80037b4080 Cid 0d68.0638 Teb: 000007f68f179000 Win32Thread: fffff9010063e5b0 RUNNING on processor 1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 18325 IdealProcessor: 0 UserTime 00:00:00.280 KernelTime 00:00:00.405 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880159e3fd0 Current fffff880171fc7f0 Base fffff880159e4000 Limit fffff880159de000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`159e39b0 fffff960`001862d3 : fffff901`008243c0 fffff880`159e3bb0 00000000`00000000 fffff880`159e3bb0 : win32k!xxxInternalDoPaint+0x19 fffff880`159e3a00 fffff960`001862d3 : fffff901`00822fb0 00000000`00000000 fffff880`159e3b70 00000000`00000000 : win32k!xxxInternalDoPaint+0x43 fffff880`159e3a50 fffff960`001862d3 : fffff901`0081dd70 00000000`00000000 00000000`00000038 00000000`034af558 : win32k!xxxInternalDoPaint+0x43 fffff880`159e3aa0 fffff960`001862d3 : fffff901`0081dbe0 00000000`0000c02b 00000000`00000012 00000000`000e041e : win32k!xxxInternalDoPaint+0x43 fffff880`159e3af0 fffff960`001862d3 : fffff901`00821760 fffff880`159e3d88 00000000`00030000 00000000`00000003 : win32k!xxxInternalDoPaint+0x43 fffff880`159e3b40 fffff960`001862d3 : fffff901`00800830 00000000`00000000 fffff880`159e3bb0 00000000`00000000 : win32k!xxxInternalDoPaint+0x43 fffff880`159e3b90 fffff960`0018608c : fffff901`0063e5b0 00000000`00000000 00000000`00000001 00000000`00000000 : win32k!xxxInternalDoPaint+0x43 fffff880`159e3be0 fffff960`001532e3 : fffff901`0063e5b0 fffff880`159e3ec0 00000000`00000000 00000000`00000220 : win32k!xxxDoPaint+0x4c fffff880`159e3c20 fffff960`00225974 : fffff880`159e3d88 00000000`00000000 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0xa73 fffff880`159e3d40 fffff802`b3b02d53 : fffffa80`037b4080 00000000`034af5b8 fffff880`159e3de8 00000000`fffffffe : win32k!NtUserRealInternalGetMessage+0x74 fffff880`159e3dd0 000007fe`f56c1b4a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`159e3e40) 00000000`034af598 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserRealInternalGetMessage+0xa THREAD fffffa8002794b00 Cid 0d68.0428 Teb: 000007f68f177000 Win32Thread: fffff90103e90b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040783f0 SynchronizationEvent fffffa8003fb6690 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff880171d9dd0 Current fffff880171d9180 Base fffff880171da000 Limit fffff880171d4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`171d91c0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff802`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`171d9300 fffff802`b3b293cd : 00000000`00000000 fffffa80`025feec0 00000000`00000000 fffffa80`02677de0 : nt!KiCommitThreadWait+0x23c fffff880`171d93c0 fffff802`b3eca2ac : ffff818c`00000002 fffff880`171d9540 fffffa80`03fb6690 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`171d9470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff8a0`00632af0 : nt!ObWaitForMultipleObjects+0x29c fffff880`171d9980 fffff802`b3b02d53 : fffffa80`02794b00 00000000`0353f2b8 fffff880`171d9be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`171d9bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171d9c40) 00000000`0353f298 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80033fc480 Cid 0d68.0964 Teb: 000007f68f04a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f2bca0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15739761 Ticks: 1367 (0:00:00:21.325) Context Switch Count 47 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880172b5dd0 Current fffff880172b50f0 Base fffff880172b6000 Limit fffff880172b0000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`172b5130 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff802`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`172b5270 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`172b5330 fffff802`b3b2943e : fffffa80`03f2bca0 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`172b53c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`172b5540 00000000`00000001 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`172b5470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`172b5980 fffff802`b3b02d53 : fffffa80`033fc480 00000000`046fef88 fffff880`172b5be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`172b5bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172b5c40) 00000000`046fef68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80018d2500 Cid 0d68.096c Teb: 000007f68f04e000 Win32Thread: fffff90103ec63a0 WAIT: (UserRequest) UserMode Alertable fffffa800203eaf0 NotificationEvent fffffa8001ff8b30 NotificationEvent fffffa80020a75a0 NotificationEvent fffffa8001fec130 NotificationEvent fffffa800399b060 NotificationEvent fffffa8001c36280 NotificationEvent fffffa8003a05650 NotificationEvent fffffa800413d460 NotificationEvent fffffa8001e8bfb8 NotificationEvent fffffa800269c680 NotificationEvent fffffa8002634130 NotificationEvent fffffa800203e1e0 NotificationEvent fffffa800203e160 NotificationEvent fffffa8003fedc70 NotificationEvent fffffa80018f4160 NotificationEvent fffffa8002c4c700 NotificationEvent fffffa8001f0c420 NotificationEvent fffffa8003fa6f90 NotificationEvent fffffa8001d1bfe0 NotificationEvent fffffa80039615b0 NotificationEvent fffffa80030b3140 NotificationEvent fffffa8001ddb490 NotificationEvent fffffa8003612970 NotificationEvent fffffa8003808740 NotificationEvent fffffa800276aad0 NotificationEvent fffffa8003dc7a10 NotificationEvent fffffa800267f550 NotificationEvent fffffa8002637fe0 NotificationEvent fffffa80036a1940 NotificationEvent fffffa8001fa0930 NotificationEvent fffffa8004030d70 NotificationEvent fffffa8003f8bfe0 NotificationEvent fffffa8001f25b10 NotificationEvent fffffa8003f94060 NotificationEvent fffffa8002632690 NotificationEvent fffffa8002df12f0 SynchronizationEvent IRP List: fffffa80021b7c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001e22150: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80036c3af0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80036c8550: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800338b830: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001e3ac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001d85c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003707c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80037f5310: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80027ff7c0: (0006,01f0) Flags: 00060000 Mdl: fffffa800205ad00 fffffa80033981f0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003856810: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8004159c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800392fc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003f7cc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003f80480: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001ebac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15731604 Ticks: 9524 (0:00:02:28.575) Context Switch Count 592 IdealProcessor: 0 UserTime 00:00:00.156 KernelTime 00:00:00.062 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880172cfdd0 Current fffff880172cf180 Base fffff880172d0000 Limit fffff880172ca000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`172cf1c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 fffff802`b3d0d000 : nt!KiSwapContext+0x76 fffff880`172cf300 fffff802`b3b293cd : fffffa80`00000000 fffff802`b3a432a1 00000000`00000000 fffff802`b3b2a326 : nt!KiCommitThreadWait+0x23c fffff880`172cf3c0 fffff802`b3eca2ac : fffff880`00000024 fffff880`172cf540 fffffa80`02df12f0 fffffff6`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`172cf470 fffff802`b3eca723 : 00000000`00000024 00000000`00000001 00000000`00000000 fffff802`b3b2d9db : nt!ObWaitForMultipleObjects+0x29c fffff880`172cf980 fffff802`b3b02d53 : fffffa80`018d2500 00000000`0477f238 fffff880`172cfbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`172cfbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172cfc40) 00000000`0477f218 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003f0ca00 Cid 0d68.03b4 Teb: 000007f68f048000 Win32Thread: fffff90103ede780 READY on processor 1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 83236 IdealProcessor: 0 UserTime 00:00:05.101 KernelTime 00:00:04.976 Win32 Start Address 0x000007fef0033564 Stack Init fffff8801729ddd0 Current fffff8801729d7d0 Base fffff8801729e000 Limit fffff88017298000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1729d810 fffff802`b3b4ada2 : 00000000`00000000 00000000`00000000 fffffa80`03f0ca00 fffffa80`01880000 : nt!KiSwapContext+0x76 fffff880`1729d950 fffff802`b3b2bb35 : fffffa80`00000002 00000000`0000000d fffffa80`0200d700 00000000`0000000d : nt!KeReleaseSemaphoreEx+0x562 fffff880`1729d9d0 fffff802`b3b3a4d2 : fffffa80`03f0ca00 00000000`00000001 fffffa80`0263ee02 fffffa80`0200d760 : nt!ExpReleaseResourceForThreadLite+0x6f3 fffff880`1729daa0 fffff960`001f0b40 : fffffa80`0263ee70 00000000`00000000 00000000`00000000 fffffa80`0263eea0 : nt!ExReleaseResourceAndLeavePriorityRegion+0x12 fffff880`1729dad0 fffff960`00133024 : 00000000`00000000 00000000`00000000 fffff880`1729dcc0 00000000`0491fca0 : win32k!ClientGetMessageMPH+0x60 fffff880`1729db40 fffff802`b3b02d53 : fffffa80`03f0ca00 00000000`0491fc08 fffff880`1729dbe8 00000000`00fdc250 : win32k!NtUserPeekMessage+0x124 fffff880`1729dbd0 000007fe`f56c120a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1729dc40) 00000000`0491fbe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserPeekMessage+0xa THREAD fffffa8001cf9080 Cid 0d68.0ea0 Teb: 000007f68f046000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c96ae0 SynchronizationTimer fffffa8001c9ff60 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740436 Ticks: 692 (0:00:00:10.795) Context Switch Count 72 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee5e31060 Stack Init fffff880172e4dd0 Current fffff880172e4180 Base fffff880172e5000 Limit fffff880172df000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`172e41c0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 40661358`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`172e4300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`172e43c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`172e4540 fffffa80`01c9ff60 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`172e4470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3ef63ca : nt!ObWaitForMultipleObjects+0x29c fffff880`172e4980 fffff802`b3b02d53 : fffffa80`01cf9080 00000000`04c5f348 fffff880`172e4be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`172e4bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172e4c40) 00000000`04c5f328 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003841740 Cid 0d68.03a0 Teb: 000007f68f040000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffff802b3d181e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee5f06ed4 Stack Init fffff880172dddd0 Current fffff880172dc030 Base fffff880172de000 Limit fffff880172d8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`172dc070 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff802`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`172dc1b0 fffff802`b3b29c1f : dd8fdf8d`dd8cd7f0 d5b9d7b0`d590dff8 00000000`00000000 f596f796`f598dfb9 : nt!KiCommitThreadWait+0x23c fffff880`172dc270 fffff802`b3e76e16 : fffff802`b3d181e0 fffff880`00000006 00e3e3e3`00e3e301 00000000`00000700 : nt!KeWaitForSingleObject+0x1cf fffff880`172dc300 fffff802`b3e85ef4 : fffffa80`03841740 fffff880`172dd9c0 fffffa80`040d8b00 fffffa80`002ddf50 : nt!ExpFindFastCacheDescriptor+0x602e fffff880`172dd810 fffff802`b3b44f15 : fffff880`172ddc40 fffffa80`00f37980 00000000`00000000 fffffa80`00f417f0 : nt!ExpQueryLicenseValueFromBlob+0xed fffff880`172dd850 fffff802`b3b45ea5 : fffff802`b3e85ed0 fffff880`172dd9c0 00000000`00000000 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0xe5 fffff880`172dd950 fffff802`b3e99164 : 00000000`00000001 fffff8a0`065d9068 00000000`00000000 fffffa80`00f37980 : nt!KeExpandKernelStackAndCalloutEx+0x25 fffff880`172dd990 fffff802`b3e91807 : fffff880`00000732 fffff880`172ddcc0 00000000`00000000 00000000`000007ff : nt!SepFilterPrivilegeAudits+0x324 fffff880`172dd9f0 fffff802`b3e994ad : 00000000`04ddf700 00000000`00000000 00000000`00000000 00000000`c0000016 : nt!SepFilterPrivilegeAudits+0x237 fffff880`172ddaa0 fffff802`b3b02d53 : fffffa80`03841740 00000000`00d27790 00000000`00000001 fffff880`172ddc40 : nt!NtSetSystemInformation+0x220 fffff880`172ddc40 000007fe`f7ec443b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172ddc40) 00000000`04ddf358 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtSetSystemInformation+0xa THREAD fffffa8003fdb940 Cid 0d68.0af8 Teb: 000007f68f03a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bd0060 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88017340dd0 Current fffff88017340900 Base fffff88017341000 Limit fffff8801733b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`17340940 fffff802`b3b2d99c : fffffa80`03fdb940 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`17340a80 fffff802`b3b29c1f : 00000000`00000001 00000000`00000000 00000000`00000000 fffff802`b3d7f180 : nt!KiCommitThreadWait+0x23c fffff880`17340b40 fffff802`b3ec9df6 : fffffa80`03bd0060 fffff880`00000006 00000000`00000001 fffff802`b3ed0e00 : nt!KeWaitForSingleObject+0x1cf fffff880`17340bd0 fffff802`b3b02d53 : fffffa80`03fdb940 00000000`ffffffff 00000000`00000000 fffffa80`03bd0060 : nt!NtWaitForSingleObject+0xb6 fffff880`17340c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17340c40) 00000000`04f5f6e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001c4d800 Cid 0d68.0204 Teb: 000007f68f038000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003dc8060 NotificationEvent fffffa8001cdd210 SynchronizationEvent fffffa80040db060 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef0c16208 Stack Init fffff8801735cdd0 Current fffff8801735c180 Base fffff8801735d000 Limit fffff88017357000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1735c1c0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff802`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1735c300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KiCommitThreadWait+0x23c fffff880`1735c3c0 fffff802`b3eca2ac : 00000000`00000003 fffff880`1735c540 fffffa80`040db060 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1735c470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 fffff8a0`015f4988 : nt!ObWaitForMultipleObjects+0x29c fffff880`1735c980 fffff802`b3b02d53 : fffffa80`01c4d800 00000000`04fdf608 fffff880`1735cbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1735cbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1735cc40) 00000000`04fdf5e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001c30b00 Cid 0d68.0218 Teb: 000007f68f036000 Win32Thread: fffff90103efeb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80031e8060 SynchronizationEvent fffffa8002c9d760 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15726086 Ticks: 15042 (0:00:03:54.656) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address DUI70!DirectUI::StyleSheetCache::CCacheThread::s_ThreadProc (0x000007fef220cb24) Stack Init fffff88017430dd0 Current fffff88017430180 Base fffff88017431000 Limit fffff8801742b000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`174301c0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffffa80`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`17430300 fffff802`b3b293cd : fffffa80`03ef0820 00000001`03ef0820 00000000`00000000 fffffa80`0276ba20 : nt!KiCommitThreadWait+0x23c fffff880`174303c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`17430540 fffffa80`02c9d760 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17430470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`17430a80 : nt!ObWaitForMultipleObjects+0x29c fffff880`17430980 fffff802`b3b02d53 : fffffa80`01c30b00 00000000`0505f6c8 fffff880`17430be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17430bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17430c40) 00000000`0505f6a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80040cc4c0 Cid 0d68.0200 Teb: 000007f68f030000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa800385be90 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feea6433c0 Stack Init fffff8801758edd0 Current fffff8801758e180 Base fffff8801758f000 Limit fffff88017589000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1758e1c0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff802`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1758e300 fffff802`b3b293cd : 00000000`01000000 00000000`00000001 00000000`00000000 fffff880`1758e9a0 : nt!KiCommitThreadWait+0x23c fffff880`1758e3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1758e540 fffffa80`0385be90 fffff8a0`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1758e470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00100000 : nt!ObWaitForMultipleObjects+0x29c fffff880`1758e980 fffff802`b3b02d53 : fffffa80`040cc4c0 00000000`05d8fa98 fffff880`1758ebe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1758ebd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1758ec40) 00000000`05d8fa78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003098380 Cid 0d68.0ecc Teb: 000007f68f028000 Win32Thread: fffff90103efa680 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003618060 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 21 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88017484dd0 Current fffff880174845f0 Base fffff88017485000 Limit fffff8801747f000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`17484630 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff802`00000001 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`17484770 fffff802`b3b29c1f : fffffa80`021c7a00 fffffa80`040dec40 00000000`00000000 fffffa80`00000000 : nt!KiCommitThreadWait+0x23c fffff880`17484830 fffff802`b3b2943e : fffffa80`03618060 fffff8a0`0000000d 00000000`fffeff01 fffffa80`036b5b00 : nt!KeWaitForSingleObject+0x1cf fffff880`174848c0 fffff960`00153e07 : fffffa80`00000001 fffff880`174849e0 fffffa80`031f7b40 fffff8a0`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`17484970 fffff960`00154765 : fffff901`03ff0000 fffff901`03ef0000 00000000`00003dff fffff8a0`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`17484a40 fffff960`00152e99 : fffff880`17484cc0 00000000`00000100 00000000`00000001 00000000`00000000 : win32k!xxxSleepThread+0xc5 fffff880`17484a90 fffff960`001545f3 : fffff880`17484bf8 00000000`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`17484bb0 fffff802`b3b02d53 : fffffa80`03098380 00000000`0000000a 00000000`00000020 fffffa80`0399c270 : win32k!NtUserGetMessage+0x83 fffff880`17484c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17484c40) 00000000`07defb78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8002196600 Cid 0d68.01bc Teb: 000007f68f024000 Win32Thread: fffff90103f00b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001d6bdc0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 24 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801753cdd0 Current fffff8801753c5f0 Base fffff8801753d000 Limit fffff88017537000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1753c630 fffff802`b3b2d99c : ffff7cad`47cdbeaa 00000000`00000000 fffffa80`02196740 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`1753c770 fffff802`b3b29c1f : fffffa80`021c7a00 fffffa80`040dec40 00000000`00000000 fffffa80`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1753c830 fffff802`b3b2943e : fffffa80`01d6bdc0 fffff8a0`0000000d 00000000`fffeff01 fffffa80`036b5b00 : nt!KeWaitForSingleObject+0x1cf fffff880`1753c8c0 fffff960`00153e07 : fffffa80`00000001 fffff880`1753c9e0 fffffa80`031f7b40 fffff8a0`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`1753c970 fffff960`00154765 : fffff901`03ff0000 fffff901`03f00000 00000000`00003dff fffff8a0`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`1753ca40 fffff960`00152e99 : fffff880`1753ccc0 00000000`00000100 00000000`00000001 00000000`00000000 : win32k!xxxSleepThread+0xc5 fffff880`1753ca90 fffff960`001545f3 : fffff880`1753cbf8 00000000`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`1753cbb0 fffff802`b3b02d53 : fffffa80`02196600 00000000`0000000a 00000000`00000020 fffffa80`0399c270 : win32k!NtUserGetMessage+0x83 fffff880`1753cc40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1753cc40) 00000000`07eef938 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8002d88b00 Cid 0d68.0390 Teb: 000007f68f022000 Win32Thread: fffff90103f00710 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80038b9220 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738781 Ticks: 2347 (0:00:00:36.613) Context Switch Count 303 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff8801748bdd0 Current fffff8801748b5f0 Base fffff8801748c000 Limit fffff88017486000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1748b630 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`1748b770 fffff802`b3b29c1f : fffff157`9143014b 00000050`00000000 00000000`00000000 00000002`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1748b830 fffff802`b3b2943e : fffffa80`038b9220 fffff802`0000000d 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1748b8c0 fffff960`00153e07 : 00000000`00000001 fffff880`1748b9e0 00000000`00000000 fffff802`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`1748b970 fffff960`00154765 : fffffa80`018f0000 fffff901`03f00000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`1748ba40 fffff960`00152e99 : fffff880`1748bcc0 00000000`00000100 00000000`00000001 fffff901`00000d68 : win32k!xxxSleepThread+0xc5 fffff880`1748ba90 fffff960`001545f3 : fffff880`1748bbf8 00000000`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`1748bbb0 fffff802`b3b02d53 : fffffa80`02d88b00 000007fe`f7ca6ab0 00000000`00000020 fffffa80`0263c940 : win32k!NtUserGetMessage+0x83 fffff880`1748bc40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1748bc40) 00000000`07f7fad8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa80040667c0 Cid 0d68.0d3c Teb: 000007f68f026000 Win32Thread: fffff90103f08b90 READY on processor 0 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 3843 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.062 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801747ddd0 Current fffff8801747d700 Base fffff8801747e000 Limit fffff88017478000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1747d740 fffff802`b3bc5258 : 0000000d`00000001 fffff880`1747d969 fffffa80`037b4080 fffffa80`040667c0 : nt!KxDispatchInterrupt+0x118 fffff880`1747d880 fffff802`b3b73cee : fffff880`1747dcc0 00000000`00000018 00000000`00000000 fffff802`b3ef2bd1 : nt!KiDpcInterrupt+0xc8 (TrapFrame @ fffff880`1747d880) fffff880`1747da10 fffff802`b3b3a37b : fffffa80`040667c0 fffffa80`040667c0 fffffa80`040667c0 ffffffff`ffb3b4c0 : nt!ExpUnlockResource+0x3e fffff880`1747da40 fffff960`001f0b8e : 00000000`00000002 00000000`00000000 fffff880`1747dcc0 00000000`07e6f820 : nt!ExEnterPriorityRegionAndAcquireResourceExclusive+0x18b fffff880`1747dad0 fffff960`00133024 : 00000000`00000000 00000000`07e6f690 fffff880`1747dcc0 00000000`07e6f820 : win32k!ClientGetMessageMPH+0xae fffff880`1747db40 fffff802`b3b02d53 : fffffa80`040667c0 00000000`07e6f788 fffff880`1747dbe8 000007fe`e5ef5540 : win32k!NtUserPeekMessage+0x124 fffff880`1747dbd0 000007fe`f56c120a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1747dc40) 00000000`07e6f768 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserPeekMessage+0xa THREAD fffffa80040b9080 Cid 0d68.01cc Teb: 000007f68f01e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80024ca960 SynchronizationEvent fffffa80033ff260 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15739009 Ticks: 2119 (0:00:00:33.056) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880174aedd0 Current fffff880174ae180 Base fffff880174af000 Limit fffff880174a9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`174ae1c0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff802`00000001 fffff802`b3d0d000 : nt!KiSwapContext+0x76 fffff880`174ae300 fffff802`b3b293cd : 00000000`00000000 fffff802`b3afa19e 00000000`00000000 fffff802`b3b370de : nt!KiCommitThreadWait+0x23c fffff880`174ae3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`174ae540 fffffa80`033ff260 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`174ae470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`02049000 : nt!ObWaitForMultipleObjects+0x29c fffff880`174ae980 fffff802`b3b02d53 : fffffa80`040b9080 00000000`0824f108 fffff880`174aebe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`174aebd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174aec40) 00000000`0824f0e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001e0ab00 Cid 0d68.08f0 Teb: 000007f68f014000 Win32Thread: fffff90103f38b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa800372b290 SynchronizationEvent fffffa8003ba06d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740203 Ticks: 925 (0:00:00:14.430) Context Switch Count 326 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801597afd0 Current fffff8801597a380 Base fffff8801597b000 Limit fffff88015975000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1597a3c0 fffff802`b3b2d99c : fffff6fb`00000001 00000000`00000000 ffff7cad`00000001 fffffaff`00000000 : nt!KiSwapContext+0x76 fffff880`1597a500 fffff802`b3b293cd : fffff680`0001b900 fffffa80`0012a590 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1597a5c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`1597a740 fffffa80`03ba06d0 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1597a670 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3b07f30 : nt!ObWaitForMultipleObjects+0x29c fffff880`1597ab80 fffff802`b3b02d53 : fffffa80`01e0ab00 00000000`0a04f298 fffff880`1597ade8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1597add0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1597ae40) 00000000`0a04f278 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8004148b00 Cid 0d68.0d84 Teb: 000007f68f012000 Win32Thread: fffff90103f4ab90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80037ad890 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15715274 Ticks: 25854 (0:00:06:43.324) Context Switch Count 63 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880174d6dd0 Current fffff880174d65f0 Base fffff880174d7000 Limit fffff880174d1000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`174d6630 fffff802`b3b2d99c : ffff7cad`47d31eaa 00000000`00000000 fffffa80`04148c40 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`174d6770 fffff802`b3b29c1f : fffffa80`021c7a00 fffffa80`03f3d300 00000000`00000000 fffffa80`00000000 : nt!KiCommitThreadWait+0x23c fffff880`174d6830 fffff802`b3b2943e : fffffa80`037ad890 fffff8a0`0000000d 00000000`fffeff01 fffffa80`036b5b00 : nt!KeWaitForSingleObject+0x1cf fffff880`174d68c0 fffff960`00153e07 : fffffa80`00000001 fffff880`174d69e0 fffffa80`031f7b40 fffff8a0`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`174d6970 fffff960`00154765 : fffff901`04170000 fffff901`03f40000 00000000`00003dff fffff8a0`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`174d6a40 fffff960`00152e99 : fffff880`174d6cc0 00000000`00000100 00000000`00000001 00000000`00000000 : win32k!xxxSleepThread+0xc5 fffff880`174d6a90 fffff960`001545f3 : fffff880`174d6bf8 00000000`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`174d6bb0 fffff802`b3b02d53 : fffffa80`04148b00 00000000`0000000a 00000000`00000020 fffffa80`02d75060 : win32k!NtUserGetMessage+0x83 fffff880`174d6c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174d6c40) 00000000`0a0cfbe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8001d5c040 Cid 0d68.0e14 Teb: 000007f68f00e000 Win32Thread: fffff90100754010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002c46d50 NotificationEvent fffffa8001d09470 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 42 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801657add0 Current fffff8801657a180 Base fffff8801657b000 Limit fffff88016575000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1657a1c0 fffff802`b3b2d99c : fffffa80`01d5c040 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1657a300 fffff802`b3b293cd : 00000001`01d5c040 fffffa80`01815010 00000000`00000000 fffff880`1657a4e8 : nt!KiCommitThreadWait+0x23c fffff880`1657a3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1657a540 fffffa80`01d09470 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1657a470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`1657a980 fffff802`b3b02d53 : fffffa80`01d5c040 00000000`0a6ff5d8 fffff880`1657abe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1657abd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1657ac40) 00000000`0a6ff5b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001f46b00 Cid 0d68.0890 Teb: 000007f68eff0000 Win32Thread: fffff90104041010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002036fe0 NotificationEvent fffffa80033981c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15736244 Ticks: 4884 (0:00:01:16.190) Context Switch Count 331 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174e4dd0 Current fffff880174e4180 Base fffff880174e5000 Limit fffff880174df000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`174e41c0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff802`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`174e4300 fffff802`b3b293cd : fffffa80`03b3f670 fffff880`00000006 00000000`00000000 00000000`00000700 : nt!KiCommitThreadWait+0x23c fffff880`174e43c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`174e4540 fffffa80`033981c0 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`174e4470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`036b5b80 : nt!ObWaitForMultipleObjects+0x29c fffff880`174e4980 fffff802`b3b02d53 : fffffa80`01f46b00 00000000`0ae7f538 fffff880`174e4be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`174e4bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174e4c40) 00000000`0ae7f518 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002ce1b00 Cid 0d68.0394 Teb: 000007f68efe8000 Win32Thread: fffff90103f74750 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003989500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15736244 Ticks: 4884 (0:00:01:16.190) Context Switch Count 80 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4645990 Stack Init fffff88017595dd0 Current fffff880175957a0 Base fffff88017596000 Limit fffff88017590000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`175957e0 fffff802`b3b2d99c : fffffa80`02003e10 00000000`00000000 fffffa80`02df2b05 fffffa80`20206f49 : nt!KiSwapContext+0x76 fffff880`17595920 fffff802`b3b38ddb : fffffa80`02003e10 fffff802`b3ac211e 00000000`00000000 fffff880`00000020 : nt!KiCommitThreadWait+0x23c fffff880`175959e0 fffff802`b3ed0b6c : fffffa80`03989500 00000000`00000001 00000000`0b07fe00 fffff880`17595b00 : nt!KeRemoveQueueEx+0x26b fffff880`17595a90 fffff802`b3eafcb5 : fffffa80`03989500 fffff880`17595b88 fffff880`17595b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`17595b20 fffff802`b3b02d53 : fffffa80`02ce1b00 00000000`0b07fde8 fffff880`17595be8 000007f6`8efe8000 : nt!NtRemoveIoCompletion+0x135 fffff880`17595bd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17595c40) 00000000`0b07fdc8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa8002ce7080 Cid 0d68.0ff4 Teb: 000007f68efe6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa80041a5fe0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feea6433c0 Stack Init fffff880175a3dd0 Current fffff880175a3180 Base fffff880175a4000 Limit fffff8801759e000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`175a31c0 fffff802`b3b2d99c : fffffa80`02ce7080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`175a3300 fffff802`b3b293cd : 00000000`01000000 00000000`00000001 00000000`00000000 fffff880`175a39a0 : nt!KiCommitThreadWait+0x23c fffff880`175a33c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`175a3540 fffffa80`041a5fe0 fffff8a0`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`175a3470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00100000 : nt!ObWaitForMultipleObjects+0x29c fffff880`175a3980 fffff802`b3b02d53 : fffffa80`02ce7080 00000000`0b0ff598 fffff880`175a3be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`175a3bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175a3c40) 00000000`0b0ff578 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002cda240 Cid 0d68.0f4c Teb: 000007f68efe4000 Win32Thread: fffff901000ebb90 WAIT: (UserRequest) UserMode Alertable fffffa8001821a30 NotificationEvent fffffa8001c4c060 SynchronizationTimer fffffa8003f8bd90 NotificationEvent fffffa800381b300 NotificationEvent fffffa800209b4e0 SynchronizationEvent fffffa8002da6590 SynchronizationEvent fffffa800213cd30 SynchronizationEvent IRP List: fffffa8001ebc010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001f86c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80038b4c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001cf3430: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001d8ec10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800417fc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001f98af0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002d2f010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80041304d0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001f6fc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003e36010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002067c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80038fd010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002c64010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800379d010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003de0c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002e56430: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 1960 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.046 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880175aadd0 Current fffff880175aa180 Base fffff880175ab000 Limit fffff880175a5000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`175aa1c0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff802`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`175aa300 fffff802`b3b293cd : 00000000`00000000 fffff880`175aa4d8 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`175aa3c0 fffff802`b3eca2ac : fffffa80`00000007 fffff880`175aa540 fffffa80`0213cd30 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`175aa470 fffff802`b3eca723 : 00000000`00000007 00000000`00000001 00000000`00000000 fffffa80`036b5b80 : nt!ObWaitForMultipleObjects+0x29c fffff880`175aa980 fffff802`b3b02d53 : fffffa80`02cda240 00000000`0b17f598 fffff880`175aabe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`175aabd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175aac40) 00000000`0b17f578 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002cd4240 Cid 0d68.0d5c Teb: 000007f68efe2000 Win32Thread: fffff901000ddb90 WAIT: (UserRequest) UserMode Alertable fffffa8003d84060 SynchronizationEvent fffffa8003efb780 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15734768 Ticks: 6360 (0:00:01:39.216) Context Switch Count 420 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880175f9dd0 Current fffff880175f9180 Base fffff880175fa000 Limit fffff880175f4000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`175f91c0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff802`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`175f9300 fffff802`b3b293cd : fffffa80`036e9870 00000000`00000006 00000000`00000000 00000000`00000800 : nt!KiCommitThreadWait+0x23c fffff880`175f93c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`175f9540 fffffa80`03efb780 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`175f9470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3d7f180 : nt!ObWaitForMultipleObjects+0x29c fffff880`175f9980 fffff802`b3b02d53 : fffffa80`02cd4240 00000000`0b69f238 fffff880`175f9be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`175f9bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175f9c40) 00000000`0b69f218 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002cb7080 Cid 0d68.030c Teb: 000007f68efe0000 Win32Thread: fffff9010061e6f0 WAIT: (UserRequest) UserMode Alertable fffffa800403fcb0 SynchronizationEvent fffffa8003ff4be0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 62 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801719cdd0 Current fffff8801719c180 Base fffff8801719d000 Limit fffff88017197000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1719c1c0 fffff802`b3b2d99c : fffffa80`02cb7080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1719c300 fffff802`b3b293cd : fffffa80`03840ea0 00000000`00000006 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1719c3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1719c540 fffffa80`03ff4be0 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1719c470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`036b5b80 : nt!ObWaitForMultipleObjects+0x29c fffff880`1719c980 fffff802`b3b02d53 : fffffa80`02cb7080 00000000`0b74f108 fffff880`1719cbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1719cbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1719cc40) 00000000`0b74f0e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003066b00 Cid 0d68.0e90 Teb: 000007f68efde000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8002036060 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738482 Ticks: 2646 (0:00:00:41.277) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlanapi!NotificationApcThreadProc (0x000007fef03bba00) Stack Init fffff880175bedd0 Current fffff880175be900 Base fffff880175bf000 Limit fffff880175b9000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`175be940 fffff802`b3b2d99c : ffff7cad`47c593da 00000000`00000000 fffff880`175becc0 fffff802`b3ae988f : nt!KiSwapContext+0x76 fffff880`175bea80 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`175beb40 fffff802`b3ec9df6 : fffffa80`02036060 fffff880`00000006 00000000`00000001 fffff6fb`7da0ff00 : nt!KeWaitForSingleObject+0x1cf fffff880`175bebd0 fffff802`b3b02d53 : fffffa80`03066b00 00000000`ffffffff 00000000`00000000 fffffa80`02036060 : nt!NtWaitForSingleObject+0xb6 fffff880`175bec40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175bec40) 00000000`0b60fde8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa80020fb880 Cid 0d68.0a40 Teb: 000007f68efda000 Win32Thread: fffff901040b3750 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa8001fd55d0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feea6433c0 Stack Init fffff880175dbdd0 Current fffff880175db180 Base fffff880175dc000 Limit fffff880175d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`175db1c0 fffff802`b3b2d99c : fffffa80`020fb880 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`175db300 fffff802`b3b293cd : fffff880`175db610 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`175db3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`175db540 fffffa80`01fd55d0 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`175db470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`175dbb20 : nt!ObWaitForMultipleObjects+0x29c fffff880`175db980 fffff802`b3b02d53 : fffffa80`020fb880 00000000`0bd5fa38 fffff880`175dbbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`175dbbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175dbc40) 00000000`0bd5fa18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003e41080 Cid 0d68.09f8 Teb: 000007f68efd8000 Win32Thread: fffff901000e96f0 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001ed83d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88000fdbdd0 Current fffff88000fdb5f0 Base fffff88000fdc000 Limit fffff88000fd6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`00fdb630 fffff802`b3b2d99c : fffffa80`03e41080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`00fdb770 fffff802`b3b29c1f : 00000000`00000000 fffffa80`03e41080 00000000`00000000 fffff960`00000000 : nt!KiCommitThreadWait+0x23c fffff880`00fdb830 fffff802`b3b2943e : fffffa80`01ed83d0 00000000`0000000d 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`00fdb8c0 fffff960`00153e07 : fffff901`00000001 fffff880`00fdb9e0 00000000`00c818d8 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`00fdb970 fffff960`00154765 : fffff880`00fd0000 fffff901`000e0000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`00fdba40 fffff960`00152e99 : fffff880`00fdbcc0 00000000`00000100 00000000`00000001 00000000`00000000 : win32k!xxxSleepThread+0xc5 fffff880`00fdba90 fffff960`001545f3 : fffff880`00fdbbf8 00000000`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`00fdbbb0 fffff802`b3b02d53 : fffffa80`03e41080 00000000`00001002 00000000`00000020 00000000`00000000 : win32k!NtUserGetMessage+0x83 fffff880`00fdbc40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`00fdbc40) 00000000`0bddf858 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8002744640 Cid 0d68.03c4 Teb: 000007f68efd6000 Win32Thread: fffff90103fc0750 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001d16ce0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 33 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8800099bdd0 Current fffff8800099b5f0 Base fffff8800099c000 Limit fffff88000996000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`0099b630 fffff802`b3b2d99c : fffffa80`02744640 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`0099b770 fffff802`b3b29c1f : 00000000`00000000 00000000`00010224 00000000`00000000 fffffa80`00000000 : nt!KiCommitThreadWait+0x23c fffff880`0099b830 fffff802`b3b2943e : fffffa80`01d16ce0 00000000`0000000d fffff880`0099b901 fffff802`b3b3a300 : nt!KeWaitForSingleObject+0x1cf fffff880`0099b8c0 fffff960`00153e07 : 00000000`00000001 fffff880`0099b9e0 00000010`0e964140 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`0099b970 fffff960`00154765 : fffff901`000e0000 fffff901`03fc0000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`0099ba40 fffff960`00152e99 : fffff880`0099bcc0 00000000`00000100 00000000`00000001 fffff802`00000000 : win32k!xxxSleepThread+0xc5 fffff880`0099ba90 fffff960`001545f3 : fffff880`0099bbf8 00000000`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`0099bbb0 fffff802`b3b02d53 : fffffa80`02744640 000007fe`ed810000 00000000`00000020 fffff880`0099bc40 : win32k!NtUserGetMessage+0x83 fffff880`0099bc40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0099bc40) 00000000`0be5fa18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8003600380 Cid 0d68.0280 Teb: 000007f68efd4000 Win32Thread: fffff90103f66b90 WAIT: (UserRequest) UserMode Alertable fffffa80024c64c0 SynchronizationEvent IRP List: fffffa8002eadc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003000010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15728588 Ticks: 12540 (0:00:03:15.625) Context Switch Count 193 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.031 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88014e8bdd0 Current fffff88014e8b0f0 Base fffff88014e8c000 Limit fffff88014e86000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14e8b130 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff880`00000000 fffff802`b3a34325 : nt!KiSwapContext+0x76 fffff880`14e8b270 fffff802`b3b29c1f : fffff880`00000000 00000000`00000001 00000000`00000000 fffff880`14e8b610 : nt!KiCommitThreadWait+0x23c fffff880`14e8b330 fffff802`b3b2943e : fffffa80`024c64c0 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`14e8b3c0 fffff802`b3eca2ac : 00000000`00000001 fffff880`14e8b540 fffff880`14e8bb10 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`14e8b470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`b3d7f180 : nt!ObWaitForMultipleObjects+0x29c fffff880`14e8b980 fffff802`b3b02d53 : fffffa80`03600380 00000000`0bf2f298 fffff880`14e8bbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`14e8bbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e8bc40) 00000000`0bf2f278 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800212ea80 Cid 0d68.0c90 Teb: 000007f68efd2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa8003bb5250 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feea6433c0 Stack Init fffff88000fd4dd0 Current fffff88000fd4180 Base fffff88000fd5000 Limit fffff88000fcf000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`00fd41c0 fffff802`b3b2d99c : fffffa80`0212ea80 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`00fd4300 fffff802`b3b293cd : 00000000`01000000 00000000`00000001 00000000`00000000 fffff880`00fd49a0 : nt!KiCommitThreadWait+0x23c fffff880`00fd43c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`00fd4540 fffffa80`03bb5250 fffff8a0`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`00fd4470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00100000 : nt!ObWaitForMultipleObjects+0x29c fffff880`00fd4980 fffff802`b3b02d53 : fffffa80`0212ea80 00000000`0bfff978 fffff880`00fd4be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`00fd4bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`00fd4c40) 00000000`0bfff958 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001c9bb00 Cid 0d68.0c04 Teb: 000007f68f173000 Win32Thread: fffff90103f78710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800403fd30 SynchronizationEvent fffffa80020b0f60 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712531 Ticks: 28597 (0:00:07:26.116) Context Switch Count 1912 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801550bfd0 Current fffff8801550b380 Base fffff8801550c000 Limit fffff88015506000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1550b3c0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff802`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1550b500 fffff802`b3b293cd : fffff680`00064f28 fffffa80`0004cad0 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1550b5c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1550b740 fffffa80`020b0f60 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1550b670 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`02660040 : nt!ObWaitForMultipleObjects+0x29c fffff880`1550bb80 fffff802`b3b02d53 : fffffa80`01c9bb00 00000000`0c07f588 fffff880`1550bde8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1550bdd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1550be40) 00000000`0c07f568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800366cb00 Cid 0d68.0de4 Teb: 000007f68efd0000 Win32Thread: fffff90103fb4b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001d33ce0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15737617 Ticks: 3511 (0:00:00:54.771) Context Switch Count 121 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8800306add0 Current fffff8800306a5f0 Base fffff8800306b000 Limit fffff88003065000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`0306a630 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`0306a770 fffff802`b3b29c1f : 00000000`ffffffff fffffa80`03db48b0 00000000`00000000 fffffa80`00000000 : nt!KiCommitThreadWait+0x23c fffff880`0306a830 fffff802`b3b2943e : fffffa80`01d33ce0 00000000`0000000d 00000000`00000001 fffffa80`0200d700 : nt!KeWaitForSingleObject+0x1cf fffff880`0306a8c0 fffff960`00153e07 : fffff901`00000001 fffff880`0306a9e0 00000000`00000000 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`0306a970 fffff960`00154765 : fffff901`04150000 fffff901`03fb0000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`0306aa40 fffff960`00152e99 : fffff880`0306acc0 00000000`00000100 00000000`00000001 fffff901`00000000 : win32k!xxxSleepThread+0xc5 fffff880`0306aa90 fffff960`001545f3 : fffff880`0306abf8 00000000`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`0306abb0 fffff802`b3b02d53 : fffffa80`0366cb00 00000000`00000208 00000000`00000020 00000000`00000000 : win32k!NtUserGetMessage+0x83 fffff880`0306ac40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0306ac40) 00000000`0c7bfbf8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8001d90080 Cid 0d68.0c44 Teb: 000007f68f175000 Win32Thread: fffff90104013950 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ec2f50 SynchronizationEvent fffffa80041640f0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 6890 IdealProcessor: 0 UserTime 00:00:00.390 KernelTime 00:00:00.702 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88003086fd0 Current fffff88003086380 Base fffff88003087000 Limit fffff88003081000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`030863c0 fffff802`b3b2d99c : fffff802`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03086500 fffff802`b3b293cd : fffffa80`01d90080 fffff802`b3b29c1f 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`030865c0 fffff802`b3eca2ac : fffffa80`00000002 fffff880`03086740 fffffa80`041640f0 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`03086670 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`009e6180 : nt!ObWaitForMultipleObjects+0x29c fffff880`03086b80 fffff802`b3b02d53 : fffffa80`01d90080 00000000`0af9f1e8 fffff880`03086de8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`03086dd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03086e40) 00000000`0af9f1c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001d75b00 Cid 0d68.0d44 Teb: 000007f68f01c000 Win32Thread: fffff901006e9b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8004142a10 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 37 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88015eeddd0 Current fffff88015eed5f0 Base fffff88015eee000 Limit fffff88015ee8000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15eed630 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff802`00000001 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`15eed770 fffff802`b3b29c1f : fffffa80`021c7a00 fffffa80`040dec40 00000000`00000000 fffffa80`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15eed830 fffff802`b3b2943e : fffffa80`04142a10 fffff8a0`0000000d 00000000`fffeff01 fffffa80`036b5b00 : nt!KeWaitForSingleObject+0x1cf fffff880`15eed8c0 fffff960`00153e07 : fffffa80`00000001 fffff880`15eed9e0 fffffa80`031f7b40 fffff8a0`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`15eed970 fffff960`00154765 : fffff901`04130000 fffff901`006e0000 00000000`00003dff fffff8a0`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`15eeda40 fffff960`00152e99 : fffff880`15eedcc0 00000000`00000100 00000000`00000001 00000000`00000000 : win32k!xxxSleepThread+0xc5 fffff880`15eeda90 fffff960`001545f3 : fffff880`15eedbf8 00000000`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`15eedbb0 fffff802`b3b02d53 : fffffa80`01d75b00 00000000`0000000a 00000000`00000020 fffffa80`038670e0 : win32k!NtUserGetMessage+0x83 fffff880`15eedc40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15eedc40) 00000000`0942fd98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa800213c800 Cid 0d68.0f08 Teb: 000007f68f006000 Win32Thread: fffff90103f6ab90 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject IRP List: fffffa80041e8010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15735451 Ticks: 5677 (0:00:01:28.561) Context Switch Count 397 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f8edd0 Current fffff88014f8e760 Base fffff88014f8f000 Limit fffff88014f89000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`14f8e7a0 fffff802`b3b2d99c : 00000000`1256f702 00000000`00000000 fffffa80`020c5c70 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14f8e8e0 fffff802`b3b38ddb : fffff8a0`07f82cf0 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`14f8e9a0 fffff802`b3ed0b6c : fffffa80`02ef3280 fffffa80`0213c801 00000000`00000001 00000000`1256f900 : nt!KeRemoveQueueEx+0x26b fffff880`14f8ea50 fffff802`b3b434d5 : fffffa80`02ef3280 00000000`0a12a2e0 fffff880`14f8eb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`14f8eae0 fffff802`b3b02d53 : 00000000`0000019c 00000000`0a12a2e0 00000000`00000010 00000000`1256f980 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14f8ec40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f8ec40) 00000000`1256f928 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002e56b00 Cid 0d68.0140 Teb: 000007f68f000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001f4e080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164b6dd0 Current fffff880164b6760 Base fffff880164b7000 Limit fffff880164b1000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`164b67a0 fffff802`b3b2d99c : fffffa80`02e56b00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`164b68e0 fffff802`b3b38ddb : fffff8a0`084cd950 fffff880`164b6cc0 00000000`00000000 fffff802`b3ec9d35 : nt!KiCommitThreadWait+0x23c fffff880`164b69a0 fffff802`b3ed0b6c : fffffa80`01f4e080 fffffa80`02e56b01 00000000`00000001 00000000`12bdfa00 : nt!KeRemoveQueueEx+0x26b fffff880`164b6a50 fffff802`b3b434d5 : fffffa80`01f4e080 00000000`0a129460 fffff880`164b6b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`164b6ae0 fffff802`b3b02d53 : 00000000`00001918 00000000`0a129460 00000000`00000010 00000000`12bdfaa0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`164b6c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`164b6c40) 00000000`12bdfa48 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002cdf300 Cid 0d68.0854 Teb: 000007f68f03c000 Win32Thread: fffff90103f544e0 READY on processor 1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 443 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88000fe2dd0 Current fffff88000fe2760 Base fffff88000fe3000 Limit fffff88000fdd000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`00fe27a0 fffff802`b3b2d99c : fffff8a0`00000001 00000000`00000000 fffff8a0`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`00fe28e0 fffff802`b3b38ddb : 00000000`00000000 fffff880`00fe29b0 00000000`00000000 00000000`00000680 : nt!KiCommitThreadWait+0x23c fffff880`00fe29a0 fffff802`b3ed0b6c : fffffa80`02ef3280 fffffa80`02cdf301 00000000`00000001 00000000`11ccf500 : nt!KeRemoveQueueEx+0x26b fffff880`00fe2a50 fffff802`b3b434d5 : fffffa80`02ef3280 00000000`078a04f0 fffff880`00fe2b80 fffff802`b3b2a538 : nt!IoRemoveIoCompletion+0x4c fffff880`00fe2ae0 fffff802`b3b02d53 : 00000000`0000019c 00000000`078a04f0 fffff880`00000010 00000000`11ccf5b0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`00fe2c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`00fe2c40) 00000000`11ccf558 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003fdc840 Cid 0d68.0fd8 Teb: 000007f68f04c000 Win32Thread: fffff9010419eb90 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15739713 Ticks: 1415 (0:00:00:22.074) Context Switch Count 387 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170a1dd0 Current fffff880170a1760 Base fffff880170a2000 Limit fffff8801709c000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`170a17a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`170a18e0 fffff802`b3b38ddb : 00000000`0789ef30 fffff802`b3b43240 00000000`00000000 fffff880`170a1a10 : nt!KiCommitThreadWait+0x23c fffff880`170a19a0 fffff802`b3ed0b6c : fffffa80`02ef3280 fffffa80`03fdc801 00000000`00000001 00000000`16fefa00 : nt!KeRemoveQueueEx+0x26b fffff880`170a1a50 fffff802`b3b434d5 : fffffa80`02ef3280 00000000`0789ef30 fffff880`170a1b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`170a1ae0 fffff802`b3b02d53 : 00000000`0000019c 00000000`0789ef30 00000000`00000010 00000000`16fefa60 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`170a1c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170a1c40) 00000000`16fefa08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80020aeb00 Cid 0d68.0804 Teb: 000007f68f032000 Win32Thread: fffff90104195530 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738504 Ticks: 2624 (0:00:00:40.934) Context Switch Count 206 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017102dd0 Current fffff88017102760 Base fffff88017103000 Limit fffff880170fd000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`171027a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`020aeea8 fffff880`17102aa8 : nt!KiSwapContext+0x76 fffff880`171028e0 fffff802`b3b38ddb : 00000000`60000000 fffff880`17102a70 00000000`00000000 00000000`00cf14f8 : nt!KiCommitThreadWait+0x23c fffff880`171029a0 fffff802`b3ed0b6c : fffffa80`02ef3280 fffffa80`020aeb01 00000000`00000001 00000000`17b1f700 : nt!KeRemoveQueueEx+0x26b fffff880`17102a50 fffff802`b3b434d5 : fffffa80`02ef3280 00000000`0a1290c0 fffff880`17102b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`17102ae0 fffff802`b3b02d53 : 00000000`0000019c 00000000`0a1290c0 fffff880`00000010 00000000`17b1f720 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17102c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17102c40) 00000000`17b1f6c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003095240 Cid 0d68.0438 Teb: 000007f68f034000 Win32Thread: fffff901040a05b0 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738591 Ticks: 2537 (0:00:00:39.577) Context Switch Count 171 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173ccdd0 Current fffff880173cc760 Base fffff880173cd000 Limit fffff880173c7000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`173cc7a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`030955e8 fffff880`173ccaa8 : nt!KiSwapContext+0x76 fffff880`173cc8e0 fffff802`b3b38ddb : 00000000`60000000 fffff880`173cca70 00000000`00000000 00000000`00cf14f8 : nt!KiCommitThreadWait+0x23c fffff880`173cc9a0 fffff802`b3ed0b6c : fffffa80`02ef3280 fffffa80`03095201 00000000`00000001 00000000`12abf500 : nt!KeRemoveQueueEx+0x26b fffff880`173cca50 fffff802`b3b434d5 : fffffa80`02ef3280 00000000`0a129f40 fffff880`173ccb80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`173ccae0 fffff802`b3b02d53 : 00000000`0000019c 00000000`0a129f40 fffff880`00000010 00000000`12abf5d0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`173ccc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173ccc40) 00000000`12abf578 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002692700 Cid 0d68.0dc0 Teb: 000007f68f02e000 Win32Thread: fffff901042fb010 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740848 Ticks: 280 (0:00:00:04.368) Context Switch Count 338 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173dbdd0 Current fffff880173db760 Base fffff880173dc000 Limit fffff880173d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`173db7a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`173db8e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`173db9a0 fffff802`b3ed0b6c : fffffa80`02ef3280 fffffa80`02692701 00000000`00000001 00000000`1495f700 : nt!KeRemoveQueueEx+0x26b fffff880`173dba50 fffff802`b3b434d5 : fffffa80`02ef3280 00000000`0a12a680 fffff880`173dbb80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`173dbae0 fffff802`b3b02d53 : 00000000`0000019c 00000000`0a12a680 00000000`00000010 00000000`1495f740 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`173dbc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173dbc40) 00000000`1495f6e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80033cd080 Cid 0d68.09e4 Teb: 000007f68f020000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15735437 Ticks: 5691 (0:00:01:28.780) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017437dd0 Current fffff88017437760 Base fffff88017438000 Limit fffff88017432000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`174377a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000001 fffff880`17437aa8 : nt!KiSwapContext+0x76 fffff880`174378e0 fffff802`b3b38ddb : 00000000`00000000 fffff880`17437a70 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`174379a0 fffff802`b3ed0b6c : fffffa80`02ef3280 fffffa80`033cd001 00000000`00000001 00000000`17c5f800 : nt!KeRemoveQueueEx+0x26b fffff880`17437a50 fffff802`b3b434d5 : fffffa80`02ef3280 00000000`07876b50 fffff880`17437b80 00000000`7ffe03c0 : nt!IoRemoveIoCompletion+0x4c fffff880`17437ae0 fffff802`b3b02d53 : 00000000`0000019c 00000000`07876b50 00000000`00000010 00000000`17c5f8a0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17437c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17437c40) 00000000`17c5f848 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800219b080 Cid 0d68.0a6c Teb: 000007f68f01a000 Win32Thread: fffff90100625b90 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738573 Ticks: 2555 (0:00:00:39.858) Context Switch Count 140 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801743edd0 Current fffff8801743e760 Base fffff8801743f000 Limit fffff88017439000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1743e7a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1743e8e0 fffff802`b3b38ddb : fffff901`03f142a0 fffff802`b3cf72ba 00000000`00000000 fffff802`b3d0d000 : nt!KiCommitThreadWait+0x23c fffff880`1743e9a0 fffff802`b3ed0b6c : fffffa80`02ef3280 fffffa80`0219b001 00000000`00000001 00000000`18eafd00 : nt!KeRemoveQueueEx+0x26b fffff880`1743ea50 fffff802`b3b434d5 : fffffa80`02ef3280 00000000`117459f0 fffff880`1743eb80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`1743eae0 fffff802`b3b02d53 : 00000000`0000019c 00000000`117459f0 00000000`00000010 00000000`18eafd00 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1743ec40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1743ec40) 00000000`18eafca8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002161080 Cid 0d68.09fc Teb: 000007f68f17b000 Win32Thread: fffff9010412ab90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002634c10 SynchronizationEvent fffffa8002cf2e90 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15737843 Ticks: 3285 (0:00:00:51.246) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address UxTheme!CManagerImpl::s_ThreadProc (0x000007fef3c98fc0) Stack Init fffff8801751cdd0 Current fffff8801751c180 Base fffff8801751d000 Limit fffff88017517000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1751c1c0 fffff802`b3b2d99c : 001f0003`00000001 00000000`00000000 fffffa80`00000000 00000000`001f0003 : nt!KiSwapContext+0x76 fffff880`1751c300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 ffff7cad`47cfbb1a : nt!KiCommitThreadWait+0x23c fffff880`1751c3c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`1751c540 fffffa80`02cf2e90 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1751c470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff880`1751c9b0 : nt!ObWaitForMultipleObjects+0x29c fffff880`1751c980 fffff802`b3b02d53 : fffffa80`02161080 00000000`1789f998 fffff880`1751cbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1751cbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1751cc40) 00000000`1789f978 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001ebe040 Cid 0d68.0edc Teb: 000007f68f044000 Win32Thread: 0000000000000000 WAIT: (UserRequest) KernelMode Alertable fffffa8004001540 SynchronizationEvent fffff88014e4cbe0 NotificationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!RtlpWnfNotificationThread (0x000007fef7f005bc) Stack Init fffff88014e4cdd0 Current fffff88014e4c8a0 Base fffff88014e4d000 Limit fffff88014e47000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14e4c8e0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14e4ca20 fffff802`b3b293cd : 00000000`000000fc fffff802`b3b2ef3b 00000000`00000000 ffffffff`fd050f80 : nt!KiCommitThreadWait+0x23c fffff880`14e4cae0 fffff802`b3e2c9ac : fffff8a0`00000002 fffff880`14e4cbd0 00000000`00000000 fffff8a0`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`14e4cb90 fffff802`b3b02d53 : fffffa80`01ebe040 fffff880`14e4ccc0 00000000`00002000 00000000`00000000 : nt!NtWaitForWnfNotifications+0x15c fffff880`14e4cc40 000007fe`f7ec469b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e4cc40) 00000000`0983d978 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWnfNotifications+0xa PROCESS fffffa8001fe8940 SessionId: 2 Cid: 0bdc Peb: 7f6bc9cc000 ParentCid: 0288 DirBase: 09f57000 ObjectTable: fffff8a002742440 HandleCount: Image: LiveComm.exe THREAD fffffa8002492800 Cid 0bdc.0be8 Teb: 000007f6bc9ce000 Win32Thread: fffff90103f742d0 WAIT: (WrAlertByThreadId) UserMode Non-Alertable 000007fee8ad5c10 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735435 Ticks: 5693 (0:00:01:28.811) Context Switch Count 133 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007f6bd873b24 Stack Init fffff88017499dd0 Current fffff88017499970 Base fffff8801749a000 Limit fffff88017494000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`174999b0 fffff802`b3b2d99c : fffffa80`02492800 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`17499af0 fffff802`b3adf817 : 00000000`00000000 00000000`00000000 0000001e`5b61cf00 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`17499bb0 fffff802`b3ea4e5e : fffffa80`02492800 00000000`00000000 000007fe`e8ad5c10 0000001e`5b5bb220 : nt!KeWaitForAlertByThreadId+0x13b fffff880`17499c10 fffff802`b3b02d53 : 00000000`00000008 00000000`00000000 fffff880`17499c01 fffff880`17499c40 : nt!NtWaitForAlertByThreadId+0x2a fffff880`17499c40 000007fe`f7ec466b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17499c40) 0000001e`5b40f5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForAlertByThreadId+0xa THREAD fffffa8001efeb00 Cid 0bdc.07b8 Teb: 000007f6bc9ca000 Win32Thread: fffff90103f66710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003db2740 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736425 Ticks: 4703 (0:00:01:13.367) Context Switch Count 260 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015833dd0 Current fffff88015833900 Base fffff88015834000 Limit fffff8801582e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`15833940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff880`00000001 fffffa80`01c110a0 : nt!KiSwapContext+0x76 fffff880`15833a80 fffff802`b3b29c1f : 00000000`00000000 fffffa80`01c11064 00000000`00000000 fffffa80`01c11060 : nt!KiCommitThreadWait+0x23c fffff880`15833b40 fffff802`b3ec9df6 : fffffa80`03db2740 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`15833bd0 fffff802`b3b02d53 : fffffa80`01efeb00 00000000`ffffffff 00000000`00000000 fffffa80`03db2740 : nt!NtWaitForSingleObject+0xb6 fffff880`15833c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15833c40) 0000001e`5b58f328 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001c8cb00 Cid 0bdc.0450 Teb: 000007f6bc9c8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e796d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735435 Ticks: 5693 (0:00:01:28.811) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpLogger (0x000007fef7f46168) Stack Init fffff8801583add0 Current fffff8801583a900 Base fffff8801583b000 Limit fffff88015835000 Call 0 Priority 10 BasePriority 10 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1583a940 fffff802`b3b2d99c : fffffa80`01c8cb00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1583aa80 fffff802`b3b29c1f : 00000000`79517350 fffff880`1583ab60 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1583ab40 fffff802`b3ec9df6 : fffffa80`03e796d0 00000000`00000006 00000000`00000001 fffff6fb`7da00300 : nt!KeWaitForSingleObject+0x1cf fffff880`1583abd0 fffff802`b3b02d53 : fffffa80`01c8cb00 00000000`00000000 00000000`00000000 fffffa80`03e796d0 : nt!NtWaitForSingleObject+0xb6 fffff880`1583ac40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1583ac40) 0000001e`5b78fdb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001c7f080 Cid 0bdc.0e84 Teb: 000007f6bc9c4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e888f0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740524 Ticks: 604 (0:00:00:09.422) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88015841dd0 Current fffff880158410f0 Base fffff88015842000 Limit fffff8801583c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`15841130 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff880`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15841270 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15841330 fffff802`b3b2943e : fffffa80`03e888f0 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`158413c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`15841540 00000000`00000001 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`15841470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`15841980 fffff802`b3b02d53 : fffffa80`01c7f080 0000001e`6111f2f8 fffff880`15841be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15841bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15841c40) 0000001e`6111f2d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002d2a200 Cid 0bdc.0e3c Teb: 000007f6bc89e000 Win32Thread: fffff90100600b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c176c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736493 Ticks: 4635 (0:00:01:12.306) Context Switch Count 1391 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e06dd0 Current fffff88014e06900 Base fffff88014e07000 Limit fffff88014e01000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`14e06940 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff8a0`00000001 fffff880`14e06ac0 : nt!KiSwapContext+0x76 fffff880`14e06a80 fffff802`b3b29c1f : 00000000`00000001 fffff880`14e06cc0 00000000`00000000 fffff802`b3ee3634 : nt!KiCommitThreadWait+0x23c fffff880`14e06b40 fffff802`b3ec9df6 : fffffa80`01c176c0 0000001e`00000006 00000000`00000001 0000001e`61797200 : nt!KeWaitForSingleObject+0x1cf fffff880`14e06bd0 fffff802`b3b02d53 : fffffa80`02d2a200 00000000`ffffffff 00000000`00000000 fffffa80`01c176c0 : nt!NtWaitForSingleObject+0xb6 fffff880`14e06c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e06c40) 0000001e`6128f598 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa800260d080 Cid 0bdc.05d4 Teb: 000007f6bc89c000 Win32Thread: fffff90103f54b90 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740403 Ticks: 725 (0:00:00:11.310) Context Switch Count 470 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801584fdd0 Current fffff8801584f760 Base fffff88015850000 Limit fffff8801584a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`1584f7a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff802`00000000 00000000`ffff0000 : nt!KiSwapContext+0x76 fffff880`1584f8e0 fffff802`b3b38ddb : fffffa80`03969e40 fffff802`b3e8eae7 00000000`00000000 fffff880`1584fa60 : nt!KiCommitThreadWait+0x23c fffff880`1584f9a0 fffff802`b3ed0b6c : fffffa80`033a9080 fffffa80`0260d001 00000000`00000001 0000001e`6140f900 : nt!KeRemoveQueueEx+0x26b fffff880`1584fa50 fffff802`b3b434d5 : fffffa80`033a9080 0000001e`5b5d66e0 fffff880`1584fb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`1584fae0 fffff802`b3b02d53 : 00000000`0000016c 0000001e`5b5d66e0 0000001e`00000010 0000001e`6140f930 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1584fc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1584fc40) 0000001e`6140f8d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80031f2b00 Cid 0bdc.003c Teb: 000007f6bc89a000 Win32Thread: fffff901000ef570 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject IRP List: fffffa8003ed5010: (0006,03e8) Flags: 00020000 Mdl: 00000000 fffffa8003f18c10: (0006,03e8) Flags: 00020000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736400 Ticks: 4728 (0:00:01:13.757) Context Switch Count 546 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015848dd0 Current fffff88015848760 Base fffff88015849000 Limit fffff88015843000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`158487a0 fffff802`b3b2d99c : 0000001e`00000000 00000000`00000000 fffffa80`00000001 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`158488e0 fffff802`b3b38ddb : fffff8a0`0253c3c0 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`158489a0 fffff802`b3ed0b6c : fffffa80`033a9080 fffffa80`031f2b01 00000000`00000001 0000001e`6148f500 : nt!KeRemoveQueueEx+0x26b fffff880`15848a50 fffff802`b3b434d5 : fffffa80`033a9080 0000001e`5b5c43e0 fffff880`15848b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`15848ae0 fffff802`b3b02d53 : 00000000`0000016c 0000001e`5b5c43e0 0000001e`00000010 0000001e`6148f5c0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15848c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15848c40) 0000001e`6148f568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80040e8b00 Cid 0bdc.01c0 Teb: 000007f6bc896000 Win32Thread: fffff90103f72b90 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736400 Ticks: 4728 (0:00:01:13.757) Context Switch Count 139 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017579dd0 Current fffff88017579760 Base fffff8801757a000 Limit fffff88017574000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`175797a0 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffffa80`00000001 fffff802`b3b31057 : nt!KiSwapContext+0x76 fffff880`175798e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`175799a0 fffff802`b3ed0b6c : fffffa80`033a9080 fffffa80`040e8b01 00000000`00000001 0000001e`6158f900 : nt!KeRemoveQueueEx+0x26b fffff880`17579a50 fffff802`b3b434d5 : fffffa80`033a9080 0000001e`5b65adf0 fffff880`17579b80 00000000`00000001 : nt!IoRemoveIoCompletion+0x4c fffff880`17579ae0 fffff802`b3b02d53 : 00000000`0000016c 0000001e`5b65adf0 fffff880`00000010 0000001e`6158f9d0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17579c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17579c40) 0000001e`6158f978 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80020c5b00 Cid 0bdc.0168 Teb: 000007f6bc894000 Win32Thread: fffff90103f6cb90 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 784 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801585ddd0 Current fffff8801585d760 Base fffff8801585e000 Limit fffff88015858000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`1585d7a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff802`b3d7f180 00000000`fffeffff : nt!KiSwapContext+0x76 fffff880`1585d8e0 fffff802`b3b38ddb : 00000000`00000001 fffff802`b3e5dd97 00000000`00000000 fffff880`1585db78 : nt!KiCommitThreadWait+0x23c fffff880`1585d9a0 fffff802`b3ed0b6c : fffffa80`033a9080 fffffa80`020c5b01 00000000`00000001 0000001e`6160fd00 : nt!KeRemoveQueueEx+0x26b fffff880`1585da50 fffff802`b3b434d5 : fffffa80`033a9080 0000001e`5b65ba30 fffff880`1585db80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`1585dae0 fffff802`b3b02d53 : 00000000`0000016c 0000001e`5b65ba30 0000001e`00000010 0000001e`6160fd00 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1585dc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1585dc40) 0000001e`6160fca8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002054400 Cid 0bdc.0870 Teb: 000007f6bc890000 Win32Thread: fffff90103fe5b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f4e4d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736195 Ticks: 4933 (0:00:01:16.955) Context Switch Count 234 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015872dd0 Current fffff88015872900 Base fffff88015873000 Limit fffff8801586d000 Call 0 Priority 12 BasePriority 8 UnusualBoost 3 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`15872940 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffff880`00000000 fffff880`15872ac0 : nt!KiSwapContext+0x76 fffff880`15872a80 fffff802`b3b29c1f : 00000000`00000001 fffff880`15872cc0 00000000`00000000 fffff802`b3ee3634 : nt!KiCommitThreadWait+0x23c fffff880`15872b40 fffff802`b3ec9df6 : fffffa80`03f4e4d0 0000001e`00000006 00000000`00000001 0000001e`2192ca00 : nt!KeWaitForSingleObject+0x1cf fffff880`15872bd0 fffff802`b3b02d53 : fffffa80`02054400 00000000`ffffffff 00000000`00000000 fffffa80`03f4e4d0 : nt!NtWaitForSingleObject+0xb6 fffff880`15872c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15872c40) 0000001e`6170ed58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa80039d1b00 Cid 0bdc.0cc8 Teb: 000007f6bc88c000 Win32Thread: fffff90100624b90 WAIT: (WrQueue) UserMode Alertable fffffa8003bdc500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736965 Ticks: 4163 (0:00:01:04.943) Context Switch Count 592 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015879dd0 Current fffff88015879760 Base fffff8801587a000 Limit fffff88015874000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`158797a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000001 fffff880`15879aa8 : nt!KiSwapContext+0x76 fffff880`158798e0 fffff802`b3b38ddb : 00000000`60000000 fffff880`15879a70 00000000`00000000 0000001e`5b659c28 : nt!KiCommitThreadWait+0x23c fffff880`158799a0 fffff802`b3ed0b6c : fffffa80`03bdc500 fffffa80`039d1b01 00000000`00000001 0000001e`6190f500 : nt!KeRemoveQueueEx+0x26b fffff880`15879a50 fffff802`b3b434d5 : fffffa80`03bdc500 0000001e`5b677150 fffff880`15879b80 fffffa80`03fa6e80 : nt!IoRemoveIoCompletion+0x4c fffff880`15879ae0 fffff802`b3b02d53 : 00000000`00000378 0000001e`5b677150 fffff880`00000010 0000001e`6190f5d0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15879c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15879c40) 0000001e`6190f578 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001ec1080 Cid 0bdc.0a10 Teb: 000007f6bc88a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003768f60 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735435 Ticks: 5693 (0:00:01:28.811) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff880154a2dd0 Current fffff880154a2900 Base fffff880154a3000 Limit fffff8801549d000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`154a2940 fffff802`b3b2d99c : fffffa80`01ec1080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`154a2a80 fffff802`b3b29c1f : 00000000`00000001 00000000`00000000 00000000`00000000 fffffa80`03768f00 : nt!KiCommitThreadWait+0x23c fffff880`154a2b40 fffff802`b3ec9df6 : fffffa80`03768f60 fffff802`00000006 00000000`00000001 fffffa80`03768f00 : nt!KeWaitForSingleObject+0x1cf fffff880`154a2bd0 fffff802`b3b02d53 : fffffa80`01ec1080 00000000`ffffffff 00000000`00000000 fffffa80`03768f60 : nt!NtWaitForSingleObject+0xb6 fffff880`154a2c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154a2c40) 0000001e`61d1fbf8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001c49080 Cid 0bdc.0e18 Teb: 000007f6bc888000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80027fb080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736491 Ticks: 4637 (0:00:01:12.337) Context Switch Count 44 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff880154b7dd0 Current fffff880154b77a0 Base fffff880154b8000 Limit fffff880154b2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`154b77e0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`154b7920 fffff802`b3b38ddb : fffffa80`036a4c70 fffff802`b3d7f180 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`154b79e0 fffff802`b3ed0b6c : fffffa80`027fb080 00000000`00000001 0000001e`6311f800 fffff880`154b7b00 : nt!KeRemoveQueueEx+0x26b fffff880`154b7a90 fffff802`b3eafcb5 : fffffa80`027fb080 fffff880`154b7b88 fffff880`154b7b80 fffffa80`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`154b7b20 fffff802`b3b02d53 : fffffa80`01c49080 0000001e`6311f828 fffff880`154b7be8 0000001e`61f71a80 : nt!NtRemoveIoCompletion+0x135 fffff880`154b7bd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154b7c40) 0000001e`6311f808 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa8001d4f4c0 Cid 0bdc.0e34 Teb: 000007f6bc884000 Win32Thread: fffff90103fba290 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001eef290 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736136 Ticks: 4992 (0:00:01:17.875) Context Switch Count 555 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015902dd0 Current fffff88015902900 Base fffff88015903000 Limit fffff880158fd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`15902940 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000000 fffff880`15902ac0 : nt!KiSwapContext+0x76 fffff880`15902a80 fffff802`b3b29c1f : 00000000`00000001 fffff880`15902cc0 00000000`00000000 fffff802`b3ee3634 : nt!KiCommitThreadWait+0x23c fffff880`15902b40 fffff802`b3ec9df6 : fffffa80`01eef290 0000001e`00000006 00000000`00000001 0000001e`5b79b800 : nt!KeWaitForSingleObject+0x1cf fffff880`15902bd0 fffff802`b3b02d53 : fffffa80`01d4f4c0 00000000`ffffffff 00000000`00000000 fffffa80`01eef290 : nt!NtWaitForSingleObject+0xb6 fffff880`15902c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15902c40) 0000001e`2153f2c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001e41080 Cid 0bdc.0b68 Teb: 000007f6bc882000 Win32Thread: fffff90100703010 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736915 Ticks: 4213 (0:00:01:05.723) Context Switch Count 196 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015909dd0 Current fffff88015909760 Base fffff8801590a000 Limit fffff88015904000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`159097a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`00000001 fffff880`15909aa8 : nt!KiSwapContext+0x76 fffff880`159098e0 fffff802`b3b38ddb : 00000000`60000000 fffff880`15909a70 00000000`00000000 0000001e`5b659c28 : nt!KiCommitThreadWait+0x23c fffff880`159099a0 fffff802`b3ed0b6c : fffffa80`0418c880 fffffa80`01e41001 00000000`00000001 0000001e`215bf700 : nt!KeRemoveQueueEx+0x26b fffff880`15909a50 fffff802`b3b434d5 : fffffa80`0418c880 0000001e`61fd7e30 fffff880`15909b80 fffff802`b3d0d000 : nt!IoRemoveIoCompletion+0x4c fffff880`15909ae0 fffff802`b3b02d53 : 00000000`00000224 0000001e`61fd7e30 0000001e`00000010 0000001e`215bf720 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15909c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15909c40) 0000001e`215bf6c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80040a8600 Cid 0bdc.0988 Teb: 000007f6bc880000 Win32Thread: fffff90100701010 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736367 Ticks: 4761 (0:00:01:14.272) Context Switch Count 69 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155a4dd0 Current fffff880155a4760 Base fffff880155a5000 Limit fffff8801559f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`155a47a0 fffff802`b3b2d99c : fffffa80`040a0001 00000000`00000000 fffff880`155a49c9 ffffffff`ffffffff : nt!KiSwapContext+0x76 fffff880`155a48e0 fffff802`b3b38ddb : 00000000`00000000 fffff880`00000000 00000000`00000000 fffffa80`03b46fb0 : nt!KiCommitThreadWait+0x23c fffff880`155a49a0 fffff802`b3ed0b6c : fffffa80`0418c880 fffffa80`040a8601 00000000`00000001 0000001e`2177f700 : nt!KeRemoveQueueEx+0x26b fffff880`155a4a50 fffff802`b3b434d5 : fffffa80`0418c880 0000001e`61ff45f0 fffff880`155a4b80 fffff802`b3b3f01c : nt!IoRemoveIoCompletion+0x4c fffff880`155a4ae0 fffff802`b3b02d53 : 00000000`00000224 0000001e`61ff45f0 00000000`00000010 0000001e`2177f7e0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`155a4c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155a4c40) 0000001e`2177f788 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001e5a780 Cid 0bdc.08b8 Teb: 000007f6bc87e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80021944e0 NotificationEvent IRP List: fffffa80020a1330: (0006,01f0) Flags: 00020070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736915 Ticks: 4213 (0:00:01:05.723) Context Switch Count 109 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff88014faadd0 Current fffff88014faa900 Base fffff88014fab000 Limit fffff88014fa5000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`14faa940 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff802`00000000 fffff802`b3b2c272 : nt!KiSwapContext+0x76 fffff880`14faaa80 fffff802`b3b29c1f : fffff880`14faabe8 0000001e`224ef0c8 00000000`00000000 fffff802`b3ee8c86 : nt!KiCommitThreadWait+0x23c fffff880`14faab40 fffff802`b3ec9df6 : fffffa80`021944e0 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`14faabd0 fffff802`b3b02d53 : fffffa80`01e5a780 00000000`00000004 fffff880`14faac18 fffffa80`021944e0 : nt!NtWaitForSingleObject+0xb6 fffff880`14faac40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14faac40) 0000001e`224ef028 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003648480 Cid 0bdc.0cbc Teb: 000007f6bc87c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002ef0700 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740662 Ticks: 466 (0:00:00:07.269) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880171b6dd0 Current fffff880171b6760 Base fffff880171b7000 Limit fffff880171b1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`171b67a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff880`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`171b68e0 fffff802`b3b38ddb : fffff8a0`07f581f0 fffff880`171b6cc0 00000000`00000000 fffff802`b3ec9d35 : nt!KiCommitThreadWait+0x23c fffff880`171b69a0 fffff802`b3ed0b6c : fffffa80`02ef0700 fffffa80`03648401 00000000`00000001 0000001e`2256f500 : nt!KeRemoveQueueEx+0x26b fffff880`171b6a50 fffff802`b3b434d5 : fffffa80`02ef0700 0000001e`2187ec30 fffff880`171b6b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`171b6ae0 fffff802`b3b02d53 : 00000000`000006c0 0000001e`2187ec30 fffff880`00000010 0000001e`2256f5c0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`171b6c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171b6c40) 0000001e`2256f568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003041300 Cid 0bdc.0914 Teb: 000007f6bc878000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa800367b740 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736876 Ticks: 4252 (0:00:01:06.331) Context Switch Count 13 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4645990 Stack Init fffff88017022dd0 Current fffff880170227a0 Base fffff88017023000 Limit fffff8801701d000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`170227e0 fffff802`b3b2d99c : d4001f1c`00000000 00000000`00000000 fffff880`00000001 fffffa80`03e0e430 : nt!KiSwapContext+0x76 fffff880`17022920 fffff802`b3b38ddb : 00000000`00000000 fffff802`b3ac211e 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`170229e0 fffff802`b3ed0b6c : fffffa80`0367b740 00000000`00000001 0000001e`2266fa00 fffff880`17022b00 : nt!KeRemoveQueueEx+0x26b fffff880`17022a90 fffff802`b3eafcb5 : fffffa80`0367b740 fffff880`17022b88 fffff880`17022b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`17022b20 fffff802`b3b02d53 : fffffa80`03041300 0000001e`2266fa98 fffff880`17022be8 fffff6fb`7da003c0 : nt!NtRemoveIoCompletion+0x135 fffff880`17022bd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17022c40) 0000001e`2266fa78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa80033b1940 Cid 0bdc.0cfc Teb: 000007f6bc87a000 Win32Thread: 0000000000000000 WAIT: (Executive) UserMode Non-Alertable fffffa8003bbe118 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735637 Ticks: 5491 (0:00:01:25.660) Context Switch Count 23 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff88015964dd0 Current fffff880159647e0 Base fffff88015965000 Limit fffff8801595f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15964820 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff802`00000000 fffff802`b3cf72ba : nt!KiSwapContext+0x76 fffff880`15964960 fffff802`b3b29c1f : fffff8a0`06c265c0 00000000`00000000 00000000`00000000 fffff802`b3cf72ba : nt!KiCommitThreadWait+0x23c fffff880`15964a20 fffff802`b3e257a4 : fffffa80`03bbe118 fffff8a0`00000000 fffffa80`00000001 00000000`00c74300 : nt!KeWaitForSingleObject+0x1cf fffff880`15964ab0 fffff802`b3e8418b : 00000000`00000100 00000000`00000000 fffff880`15964b40 fffff880`00000001 : nt!EtwpReceiveNotification+0x6c fffff880`15964b20 fffff802`b3b02d53 : 00000000`00000010 00000000`00000000 fffff6fb`7dbed078 fffff6fb`7da0ffd8 : nt!NtTraceControl+0x337 fffff880`15964bd0 000007fe`f7ec459b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15964c40) 0000001e`225efa58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtTraceControl+0xa THREAD fffffa800418bb00 Cid 0bdc.0da4 Teb: 000007f6bc886000 Win32Thread: fffff90103f06640 WAIT: (UserRequest) UserMode Alertable fffffa8003065290 SynchronizationEvent IRP List: fffffa8002195c10: (0006,03e8) Flags: 00020870 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740256 Ticks: 872 (0:00:00:13.603) Context Switch Count 51 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address SHELL32!Windows::Internal::ComTaskPool::CThread::s_ThreadProc (0x000007fef66df4a0) Stack Init fffff8801731fdd0 Current fffff8801731f0f0 Base fffff88017320000 Limit fffff8801731a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`1731f130 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff802`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1731f270 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1731f330 fffff802`b3b2943e : fffffa80`03065290 00000000`00000006 fffff8a0`06943201 fffff802`b3f5bb00 : nt!KeWaitForSingleObject+0x1cf fffff880`1731f3c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`1731f540 fffff880`1731fb10 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`1731f470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 fffff880`1731f9b0 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`1731f980 fffff802`b3b02d53 : fffffa80`0418bb00 0000001e`2042f578 fffff880`1731fbe8 0000001e`2042f5a0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1731fbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1731fc40) 0000001e`2042f558 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003894b00 Cid 0bdc.0e40 Teb: 000007f6bc872000 Win32Thread: fffff90104252b90 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736965 Ticks: 4163 (0:00:01:04.943) Context Switch Count 67 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801759cdd0 Current fffff8801759c760 Base fffff8801759d000 Limit fffff88017597000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`1759c7a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff880`00000001 fffff802`b3e6bfac : nt!KiSwapContext+0x76 fffff880`1759c8e0 fffff802`b3b38ddb : fffff880`1759ccc0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1759c9a0 fffff802`b3ed0b6c : fffffa80`0418c880 fffffa80`03894b01 00000000`00000001 0000001e`227ef800 : nt!KeRemoveQueueEx+0x26b fffff880`1759ca50 fffff802`b3b434d5 : fffffa80`0418c880 0000001e`2194b8a0 fffff880`1759cb80 fffff802`b3d0d000 : nt!IoRemoveIoCompletion+0x4c fffff880`1759cae0 fffff802`b3b02d53 : 00000000`00000224 0000001e`2194b8a0 fffff880`00000010 0000001e`227ef8e0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1759cc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1759cc40) 0000001e`227ef888 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80020ca080 Cid 0bdc.0b98 Teb: 000007f6bc86e000 Win32Thread: fffff9010434ab90 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736965 Ticks: 4163 (0:00:01:04.943) Context Switch Count 42 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003063dd0 Current fffff88003063760 Base fffff88003064000 Limit fffff8800305e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`030637a0 fffff802`b3b2d99c : fffff8a0`00000000 00000000`00000000 fffff8a0`00000001 fffff802`b3cf72ba : nt!KiSwapContext+0x76 fffff880`030638e0 fffff802`b3b38ddb : 00000000`00000001 fffff8a0`00526380 00000000`00000000 fffff8a0`06549010 : nt!KiCommitThreadWait+0x23c fffff880`030639a0 fffff802`b3ed0b6c : fffffa80`0418c880 fffffa80`020ca001 00000000`00000001 0000001e`228efb00 : nt!KeRemoveQueueEx+0x26b fffff880`03063a50 fffff802`b3b434d5 : fffffa80`0418c880 0000001e`61f64fb0 fffff880`03063b80 fffff802`b3d0d000 : nt!IoRemoveIoCompletion+0x4c fffff880`03063ae0 fffff802`b3b02d53 : 00000000`00000224 0000001e`61f64fb0 00000000`00000010 0000001e`228efb30 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03063c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03063c40) 0000001e`228efad8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800306a440 Cid 0bdc.0b30 Teb: 000007f6bc866000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736997 Ticks: 4131 (0:00:01:04.444) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003dfbdd0 Current fffff88003dfb760 Base fffff88003dfc000 Limit fffff88003df6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Child-SP RetAddr : Args to Child : Call Site fffff880`03dfb7a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff880`00000001 fffff802`b3b2a815 : nt!KiSwapContext+0x76 fffff880`03dfb8e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`03dfb9a0 fffff802`b3ed0b6c : fffffa80`0418c880 fffffa80`0306a401 00000000`00000001 0000001e`22aefa00 : nt!KeRemoveQueueEx+0x26b fffff880`03dfba50 fffff802`b3b434d5 : fffffa80`0418c880 0000001e`21888cd0 fffff880`03dfbb80 fffff802`b3d0d001 : nt!IoRemoveIoCompletion+0x4c fffff880`03dfbae0 fffff802`b3b02d53 : 00000000`00000224 0000001e`21888cd0 00000000`00000010 0000001e`22aefa40 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03dfbc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dfbc40) 0000001e`22aef9e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8002d5d940 SessionId: 2 Cid: 0dd0 Peb: 7f6525bf000 ParentCid: 0d68 DirBase: 66377000 ObjectTable: fffff8a0068d5600 HandleCount: Image: browserchoice.exe THREAD fffffa800414e080 Cid 0dd0.0ffc Teb: 000007f6525bd000 Win32Thread: fffff90103e94530 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b43b00 NotificationEvent fffffa800200e080 ProcessObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002d5d940 Image: browserchoice.exe Attached Process N/A Image: N/A Wait Start TickCount 15682371 Ticks: 58757 (0:00:15:16.615) Context Switch Count 173 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address 0x000007f652923adc Stack Init fffff880172d6dd0 Current fffff880172d6180 Base fffff880172d7000 Limit fffff880172d1000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`172d61c0 fffff802`b3b2d99c : fffff8a0`00000001 00000000`00000000 fffff880`00000001 fffff802`b3b46ae0 : nt!KiSwapContext+0x76 fffff880`172d6300 fffff802`b3b293cd : fffff800`01000000 00000000`00000001 00000000`00000000 fffff880`172d6a50 : nt!KiCommitThreadWait+0x23c fffff880`172d63c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`172d6540 fffffa80`0200e080 fffff8a0`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`172d6470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`02d5d940 : nt!ObWaitForMultipleObjects+0x29c fffff880`172d6980 fffff802`b3b02d53 : fffffa80`0414e080 0000002f`d1d8e128 fffff880`172d6be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`172d6bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172d6c40) 0000002f`d1d8e108 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001f76080 Cid 0dd0.07b4 Teb: 000007f6525b5000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d6e380 SynchronizationEvent fffffa8003e455b0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002d5d940 Image: browserchoice.exe Attached Process N/A Image: N/A Wait Start TickCount 15740007 Ticks: 1121 (0:00:00:17.487) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88015910dd0 Current fffff88015910180 Base fffff88015911000 Limit fffff8801590b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`159101c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15910300 fffff802`b3b293cd : 00000000`00000000 fffff880`159104d8 00000000`00000000 fffff802`b3b370de : nt!KiCommitThreadWait+0x23c fffff880`159103c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`15910540 fffffa80`03e455b0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15910470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`01dff000 : nt!ObWaitForMultipleObjects+0x29c fffff880`15910980 fffff802`b3b02d53 : fffffa80`01f76080 0000002f`d469f558 fffff880`15910be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15910bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15910c40) 0000002f`d469f538 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800418c9c0 Cid 0dd0.062c Teb: 000007f6525bb000 Win32Thread: fffff90103fbab90 WAIT: (WrQueue) UserMode Alertable fffffa8003075a80 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002d5d940 Image: browserchoice.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160c3dd0 Current fffff880160c3760 Base fffff880160c4000 Limit fffff880160be000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`160c37a0 fffff802`b3b2d99c : fffff8a0`00000000 00000000`00000000 00000000`00000001 00000000`fffeffff : nt!KiSwapContext+0x76 fffff880`160c38e0 fffff802`b3b38ddb : 00000000`00000001 fffff802`b3e5dd97 00000000`00000000 fffff880`160c3b78 : nt!KiCommitThreadWait+0x23c fffff880`160c39a0 fffff802`b3ed0b6c : fffffa80`03075a80 fffffa80`0418c901 00000000`00000001 0000002f`d451fc00 : nt!KeRemoveQueueEx+0x26b fffff880`160c3a50 fffff802`b3b434d5 : fffffa80`03075a80 0000002f`d1e94d30 fffff880`160c3b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`160c3ae0 fffff802`b3b02d53 : 00000000`0000012c 0000002f`d1e94d30 0000002f`00000010 0000002f`d451fc00 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`160c3c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160c3c40) 0000002f`d451fba8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa800200e080 SessionId: 2 Cid: 0478 Peb: 7f6893cf000 ParentCid: 0288 DirBase: 66cf7000 ObjectTable: fffff8a0029307c0 HandleCount: Image: WWAHost.exe THREAD fffffa800362d500 Cid 0478.0254 Teb: 000007f6893cd000 Win32Thread: fffff90103f68b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa800415e640 NotificationEvent fffffa8001fa17c0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741023 Ticks: 105 (0:00:00:01.638) Context Switch Count 88 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address 0x000007f6894bb320 Stack Init fffff88017303dd0 Current fffff88017303180 Base fffff88017304000 Limit fffff880172fe000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`173031c0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000000 842d509e`79aa0000 : nt!KiSwapContext+0x76 fffff880`17303300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 fffff802`b3b370de : nt!KiCommitThreadWait+0x23c fffff880`173033c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`17303540 fffffa80`01fa17c0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17303470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`02049000 : nt!ObWaitForMultipleObjects+0x29c fffff880`17303980 fffff802`b3b02d53 : fffffa80`0362d500 00000068`4834f1e8 fffff880`17303be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17303bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17303c40) 00000068`4834f1c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001f80b00 Cid 0478.03d4 Teb: 000007f6893c9000 Win32Thread: fffff90103fb6410 WAIT: (WrQueue) UserMode Alertable fffffa8003fc03c0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 68 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880151f7dd0 Current fffff880151f7760 Base fffff880151f8000 Limit fffff880151f2000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`151f77a0 fffff802`b3b2d99c : fffff8a0`06d12c30 00000000`00000000 00000000`00000001 00000000`fffeffff : nt!KiSwapContext+0x76 fffff880`151f78e0 fffff802`b3b38ddb : 00000000`00000001 fffff802`b3e5dd97 00000000`00000000 fffff880`151f7b78 : nt!KiCommitThreadWait+0x23c fffff880`151f79a0 fffff802`b3ed0b6c : fffffa80`03fc03c0 fffffa80`01f80b01 00000000`00000001 00000068`49e9fa00 : nt!KeRemoveQueueEx+0x26b fffff880`151f7a50 fffff802`b3b434d5 : fffffa80`03fc03c0 00000068`483d4140 fffff880`151f7b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`151f7ae0 fffff802`b3b02d53 : 00000000`000000f4 00000068`483d4140 00000068`00000010 00000068`49e9fa10 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`151f7c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`151f7c40) 00000068`49e9f9b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80036f5080 Cid 0478.0a14 Teb: 000007f6893c5000 Win32Thread: fffff90103fb8410 WAIT: (UserRequest) UserMode Alertable fffffa80027f9060 SynchronizationEvent fffffa80021a8940 NotificationEvent fffffa80041a7be0 SynchronizationTimer fffffa8001d2d380 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 16400 IdealProcessor: 0 UserTime 00:00:02.464 KernelTime 00:00:00.904 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88003c52dd0 Current fffff88003c52180 Base fffff88003c53000 Limit fffff88003c4d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03c521c0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffffa80`00000001 fffff880`0358dc83 : nt!KiSwapContext+0x76 fffff880`03c52300 fffff802`b3b293cd : 00000000`00000000 fffffa80`02d1e780 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`03c523c0 fffff802`b3eca2ac : fffffa80`00000004 fffff880`03c52540 fffffa80`01d2d380 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`03c52470 fffff802`b3eca723 : 00000000`00000004 00000000`00000001 00000000`00000000 fffffa80`018b1070 : nt!ObWaitForMultipleObjects+0x29c fffff880`03c52980 fffff802`b3b02d53 : fffffa80`036f5080 00000068`4b0aecb8 fffff880`03c52be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`03c52bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03c52c40) 00000068`4b0aec98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80032b3080 Cid 0478.0440 Teb: 000007f68929c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037ec920 NotificationEvent fffffa8001f990f0 NotificationEvent fffffa800219d550 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682350 Ticks: 58778 (0:00:15:16.942) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address MrmCoreR!Windows::ApplicationModel::Resources::Core::LanguageChangeNotifiyThreadProc (0x000007feeeb8dcfc) Stack Init fffff88015f17dd0 Current fffff88015f17180 Base fffff88015f18000 Limit fffff88015f12000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15f171c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15f17300 fffff802`b3b293cd : fffff880`15f17698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`15f173c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`15f17540 fffffa80`0219d550 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15f17470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 00000000`00000002 : nt!ObWaitForMultipleObjects+0x29c fffff880`15f17980 fffff802`b3b02d53 : fffffa80`032b3080 00000068`4beaf348 fffff880`15f17be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15f17bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f17c40) 00000068`4beaf328 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002e66500 Cid 0478.0250 Teb: 000007f689298000 Win32Thread: fffff90103fb6b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80040e0600 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682350 Ticks: 58778 (0:00:15:16.942) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee3987d10 Stack Init fffff88017133dd0 Current fffff880171335f0 Base fffff88017134000 Limit fffff8801712e000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`17133630 fffff802`b3b2d99c : 00000000`00000202 00000000`00000000 00000068`4c0bfe78 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`17133770 fffff802`b3b29c1f : fffff880`009e6180 00000000`00000000 00000000`00000000 00000002`00000000 : nt!KiCommitThreadWait+0x23c fffff880`17133830 fffff802`b3b2943e : fffffa80`040e0600 fffffa80`0000000d 00000000`00000001 fffff802`b3afa100 : nt!KeWaitForSingleObject+0x1cf fffff880`171338c0 fffff960`00153e07 : fffff901`00000001 fffff880`171339e0 fffff880`17133990 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`17133970 fffff960`00154765 : fffff880`00000000 fffff901`03fb0000 00000000`00003dff fffff960`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`17133a40 fffff960`00152e99 : fffff880`17133cc0 00000000`00000100 00000000`00000001 fffff901`00800a60 : win32k!xxxSleepThread+0xc5 fffff880`17133a90 fffff960`001545f3 : fffff880`17133bf8 00000068`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`17133bb0 fffff802`b3b02d53 : fffffa80`02e66500 00000000`00000000 00000000`00000020 fffffa80`0269f430 : win32k!NtUserGetMessage+0x83 fffff880`17133c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17133c40) 00000068`4c0bfe78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8003bd9080 Cid 0478.04d4 Teb: 000007f689296000 Win32Thread: fffff90103fba710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800269f430 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15702012 Ticks: 39116 (0:00:10:10.213) Context Switch Count 1108 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007fee397b0c0 Stack Init fffff880161b1dd0 Current fffff880161b1900 Base fffff880161b2000 Limit fffff880161ac000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`161b1940 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000001 fffffa80`03f0ca00 : nt!KiSwapContext+0x76 fffff880`161b1a80 fffff802`b3b29c1f : 00000000`00000000 00418937`4bc6a7ef 00000000`00000000 00000000`00000020 : nt!KiCommitThreadWait+0x23c fffff880`161b1b40 fffff802`b3ec9df6 : fffffa80`0269f430 fffff802`00000006 00000000`00000001 fffffa80`03bd9000 : nt!KeWaitForSingleObject+0x1cf fffff880`161b1bd0 fffff802`b3b02d53 : fffffa80`03bd9080 00000000`ffffffff 00000000`00000000 fffffa80`0269f430 : nt!NtWaitForSingleObject+0xb6 fffff880`161b1c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161b1c40) 00000068`4c5bfaa8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001e1c600 Cid 0478.0f34 Teb: 000007f689294000 Win32Thread: fffff90103fb8b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e131a0 SynchronizationEvent fffffa8003b489d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15701923 Ticks: 39205 (0:00:10:11.601) Context Switch Count 2681 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.062 Win32 Start Address 0x000007fee399ae74 Stack Init fffff88017445dd0 Current fffff88017445180 Base fffff88017446000 Limit fffff88017440000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`174451c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 fffff880`009e6180 : nt!KiSwapContext+0x76 fffff880`17445300 fffff802`b3b293cd : fffff880`17445520 fffff802`b3ad3a9a 00000000`00000000 00000000`00da7a64 : nt!KiCommitThreadWait+0x23c fffff880`174453c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`17445540 fffffa80`03b489d0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17445470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3d0d000 : nt!ObWaitForMultipleObjects+0x29c fffff880`17445980 fffff802`b3b02d53 : fffffa80`01e1c600 00000068`4c6cf6a8 fffff880`17445be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17445bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17445c40) 00000068`4c6cf688 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8004016080 Cid 0478.0c0c Teb: 000007f689292000 Win32Thread: fffff90103fa1410 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001f06e00 SynchronizationEvent fffffa80018a3900 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15721169 Ticks: 19959 (0:00:05:11.362) Context Switch Count 78 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee397b0c0 Stack Init fffff88017587dd0 Current fffff88017587180 Base fffff88017588000 Limit fffff88017582000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`175871c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 fffff880`17587420 : nt!KiSwapContext+0x76 fffff880`17587300 fffff802`b3b293cd : fffffa80`01f06e00 00000000`00000006 00000000`00000000 fffff880`0158cc00 : nt!KiCommitThreadWait+0x23c fffff880`175873c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`17587540 fffffa80`018a3900 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17587470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`175879b0 fffffa80`018b1070 : nt!ObWaitForMultipleObjects+0x29c fffff880`17587980 fffff802`b3b02d53 : fffffa80`04016080 00000068`4c82f6a8 fffff880`17587be8 00000068`4c82f6d0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17587bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17587c40) 00000068`4c82f688 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001d83700 Cid 0478.013c Teb: 000007f689290000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040b8620 SynchronizationEvent fffffa80041735c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682797 Ticks: 58331 (0:00:15:09.969) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015933dd0 Current fffff88015933180 Base fffff88015934000 Limit fffff8801592e000 Call 0 Priority 10 BasePriority 7 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`159331c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15933300 fffff802`b3b293cd : 00000000`00000000 fffff802`b3dd8280 00000000`00000000 fffff880`009e6180 : nt!KiCommitThreadWait+0x23c fffff880`159333c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15933540 fffffa80`041735c0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15933470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000050 : nt!ObWaitForMultipleObjects+0x29c fffff880`15933980 fffff802`b3b02d53 : fffffa80`01d83700 00000068`4d0df518 fffff880`15933be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15933bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15933c40) 00000068`4d0df4f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003e56880 Cid 0478.0130 Teb: 000007f68928e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800384cca0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682789 Ticks: 58339 (0:00:15:10.094) Context Switch Count 29 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8800302edd0 Current fffff8800302e900 Base fffff8800302f000 Limit fffff88003029000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`0302e940 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 0684d640`0684d640 : nt!KiSwapContext+0x76 fffff880`0302ea80 fffff802`b3b29c1f : 00000068`504d0000 00000000`00000000 00000000`00000000 fffffa80`0200e080 : nt!KiCommitThreadWait+0x23c fffff880`0302eb40 fffff802`b3ec9df6 : fffffa80`0384cca0 fffffa80`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`0302ebd0 fffff802`b3b02d53 : fffffa80`03e56880 00000000`ffffffff 00000000`00000000 fffffa80`0384cca0 : nt!NtWaitForSingleObject+0xb6 fffff880`0302ec40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0302ec40) 00000068`4d1ffc18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8002cd7b00 Cid 0478.0bf8 Teb: 000007f68928c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800398f290 SynchronizationEvent fffffa8003daf2f0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740250 Ticks: 878 (0:00:00:13.696) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88002fb2dd0 Current fffff88002fb2180 Base fffff88002fb3000 Limit fffff88002fad000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`02fb21c0 fffff802`b3b2d99c : fffff880`00000001 00000000`00000000 00000000`00000000 00000000`00000007 : nt!KiSwapContext+0x76 fffff880`02fb2300 fffff802`b3b293cd : 00000000`00000000 fffff880`02fb24d8 00000000`00000000 fffff802`b3b4749f : nt!KiCommitThreadWait+0x23c fffff880`02fb23c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`02fb2540 fffffa80`03daf2f0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`02fb2470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`02fb2980 fffff802`b3b02d53 : fffffa80`02cd7b00 00000068`4d8bf0d8 fffff880`02fb2be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`02fb2bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`02fb2c40) 00000068`4d8bf0b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001d9a280 Cid 0478.0c74 Teb: 000007f689286000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80027725f0 NotificationEvent IRP List: fffffa8002c9c670: (0006,01f0) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736465 Ticks: 4663 (0:00:01:12.743) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff8801728fdd0 Current fffff8801728f900 Base fffff88017290000 Limit fffff8801728a000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1728f940 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 0016019f`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`1728fa80 fffff802`b3b29c1f : fffff880`1728fbe8 00000068`5016f168 00000000`00000000 fffff802`b3ee8c86 : nt!KiCommitThreadWait+0x23c fffff880`1728fb40 fffff802`b3ec9df6 : fffffa80`027725f0 fffffa80`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1728fbd0 fffff802`b3b02d53 : fffffa80`01d9a280 00000000`00000004 fffff880`1728fc18 fffffa80`027725f0 : nt!NtWaitForSingleObject+0xb6 fffff880`1728fc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1728fc40) 00000068`5016f0c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa80030692c0 Cid 0478.0ea8 Teb: 000007f689282000 Win32Thread: fffff90103f78b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003da4c80 SynchronizationEvent fffffa8003da24e0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15721169 Ticks: 19959 (0:00:05:11.362) Context Switch Count 34 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee397b0c0 Stack Init fffff88015895dd0 Current fffff88015895180 Base fffff88015896000 Limit fffff88015890000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`158951c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff802`00000000 fffffa80`02660040 : nt!KiSwapContext+0x76 fffff880`15895300 fffff802`b3b293cd : fffffa80`03da4c80 fffff880`00000006 00000000`00000000 fffff802`b3a2fb00 : nt!KiCommitThreadWait+0x23c fffff880`158953c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15895540 fffffa80`03da24e0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15895470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`158959b0 fffff8a0`064213a8 : nt!ObWaitForMultipleObjects+0x29c fffff880`15895980 fffff802`b3b02d53 : fffffa80`030692c0 00000068`4feef2a8 fffff880`15895be8 00000068`4feef2d0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15895bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15895c40) 00000068`4feef288 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001ed3080 Cid 0478.081c Teb: 000007f68929e000 Win32Thread: fffff9010065c780 WAIT: (UserRequest) UserMode Non-Alertable fffffa800204c830 SynchronizationEvent fffffa800263b770 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15685914 Ticks: 55214 (0:00:14:21.343) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8801715ddd0 Current fffff8801715d180 Base fffff8801715e000 Limit fffff88017158000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1715d1c0 fffff802`b3b2d99c : 001f0003`00000001 00000000`00000000 fffffa80`00000001 00000000`001f0003 : nt!KiSwapContext+0x76 fffff880`1715d300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 ffff7cad`478bab1a : nt!KiCommitThreadWait+0x23c fffff880`1715d3c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`1715d540 fffffa80`0263b770 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1715d470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000010 : nt!ObWaitForMultipleObjects+0x29c fffff880`1715d980 fffff802`b3b02d53 : fffffa80`01ed3080 00000068`4e10f228 fffff880`1715dbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1715dbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1715dc40) 00000068`4e10f208 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80038e8080 Cid 0478.0a08 Teb: 000007f68928a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001eef1c0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15685914 Ticks: 55214 (0:00:14:21.343) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174bcdd0 Current fffff880174bc760 Base fffff880174bd000 Limit fffff880174b7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`174bc7a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`174bc8e0 fffff802`b3b38ddb : fffffa80`01eef1c0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`174bc9a0 fffff802`b3ed0b6c : fffffa80`01eef1c0 fffffa80`038e8001 00000000`00000001 00000068`4faffd00 : nt!KeRemoveQueueEx+0x26b fffff880`174bca50 fffff802`b3b434d5 : fffffa80`01eef1c0 00000068`4cf7cb70 fffff880`174bcb80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`174bcae0 fffff802`b3b02d53 : 00000000`000006d0 00000068`4cf7cb70 00000068`00000010 00000068`4faffd10 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`174bcc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`174bcc40) 00000068`4faffcb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002179080 Cid 0478.0180 Teb: 000007f6893cb000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003fc03c0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017164dd0 Current fffff88017164760 Base fffff88017165000 Limit fffff8801715f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`171647a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`171648e0 fffff802`b3b38ddb : fffffa80`03fc03c0 00000004`be5b78a1 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`171649a0 fffff802`b3ed0b6c : fffffa80`03fc03c0 fffffa80`02179001 00000000`00000001 00000068`4864fc00 : nt!KeRemoveQueueEx+0x26b fffff880`17164a50 fffff802`b3b434d5 : fffffa80`03fc03c0 00000068`4cf17340 fffff880`17164b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`17164ae0 fffff802`b3b02d53 : 00000000`000000f4 00000068`4cf17340 00000068`00000010 00000068`4864fce0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17164c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17164c40) 00000068`4864fc88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8002cc2940 SessionId: 2 Cid: 03e4 Peb: 7f75e65c000 ParentCid: 0288 DirBase: 53f43000 ObjectTable: fffff8a006b98400 HandleCount: Image: RuntimeBroker.exe THREAD fffffa8001d15900 Cid 03e4.0188 Teb: 000007f75e65e000 Win32Thread: fffff90103fa1b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003036fe0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15740064 Ticks: 1064 (0:00:00:16.598) Context Switch Count 45 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f75ed537d0 Stack Init fffff880159fcdd0 Current fffff880159fc900 Base fffff880159fd000 Limit fffff880159f7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`159fc940 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffffa80`00000000 fffffa80`03878f80 : nt!KiSwapContext+0x76 fffff880`159fca80 fffff802`b3b29c1f : fffffa80`03878f80 000007fe`ed630000 00000000`00000000 00000000`00000038 : nt!KiCommitThreadWait+0x23c fffff880`159fcb40 fffff802`b3ec9df6 : fffffa80`03036fe0 fffffa80`00000006 00000000`00000001 fffff802`b3ef2900 : nt!KeWaitForSingleObject+0x1cf fffff880`159fcbd0 fffff802`b3b02d53 : fffffa80`01d15900 00000000`0000ea60 fffff880`159fcc18 fffffa80`03036fe0 : nt!NtWaitForSingleObject+0xb6 fffff880`159fcc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`159fcc40) 000000bd`3a4cf628 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa80033e2980 Cid 03e4.0e78 Teb: 000007f75e52a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003954900 SynchronizationEvent fffffa8001c9b060 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15740436 Ticks: 692 (0:00:00:10.795) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88003008dd0 Current fffff88003008180 Base fffff88003009000 Limit fffff88003003000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`030081c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03008300 fffff802`b3b293cd : 00000000`00000000 fffff880`030084d8 00000000`00000000 fffff802`b3b4749f : nt!KiCommitThreadWait+0x23c fffff880`030083c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`03008540 fffffa80`01c9b060 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`03008470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff8a0`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`03008980 fffff802`b3b02d53 : fffffa80`033e2980 000000bd`3c4af098 fffff880`03008be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`03008bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03008c40) 000000bd`3c4af078 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003fb0080 Cid 03e4.0880 Teb: 000007f75e528000 Win32Thread: fffff90100648b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80027a8940 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15740565 Ticks: 563 (0:00:00:08.782) Context Switch Count 161 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff8800300fdd0 Current fffff8800300f5f0 Base fffff88003010000 Limit fffff8800300a000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`0300f630 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`0300f770 fffff802`b3b29c1f : c50018b5`3207ffdf 00000005`00000008 00000000`00000000 00000001`00000000 : nt!KiCommitThreadWait+0x23c fffff880`0300f830 fffff802`b3b2943e : fffffa80`027a8940 00000000`0000000d 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`0300f8c0 fffff960`00153e07 : fffff880`00000001 fffff880`0300f9e0 00000000`00000000 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`0300f970 fffff960`00154765 : fffff901`006c0000 fffff901`00640000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`0300fa40 fffff960`00152e99 : fffff880`0300fcc0 00000000`00000100 00000000`00000001 fffff901`00000000 : win32k!xxxSleepThread+0xc5 fffff880`0300fa90 fffff960`001545f3 : fffff880`0300fbf8 000000bd`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`0300fbb0 fffff802`b3b02d53 : fffffa80`03fb0080 000007fe`f7ca6ab0 00000000`00000020 fffffa80`03dd1160 : win32k!NtUserGetMessage+0x83 fffff880`0300fc40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0300fc40) 000000bd`3c53f668 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8003f63080 Cid 03e4.0d74 Teb: 000007f75e658000 Win32Thread: fffff9010434a010 WAIT: (WrQueue) UserMode Alertable fffffa80021b8380 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 265 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017572dd0 Current fffff88017572760 Base fffff88017573000 Limit fffff8801756d000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`175727a0 fffff802`b3b2d99c : 000000bd`00000000 00000000`00000000 fffffa80`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`175728e0 fffff802`b3b38ddb : fffff8a0`02c47cf0 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`175729a0 fffff802`b3ed0b6c : fffffa80`021b8380 fffffa80`03f63001 00000000`00000001 000000bd`3a7df900 : nt!KeRemoveQueueEx+0x26b fffff880`17572a50 fffff802`b3b434d5 : fffffa80`021b8380 000000bd`3a56c6b0 fffff880`17572b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`17572ae0 fffff802`b3b02d53 : 00000000`000000a4 000000bd`3a56c6b0 000000bd`00000010 000000bd`3a7df940 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17572c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17572c40) 000000bd`3a7df8e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001e07080 Cid 03e4.0ac0 Teb: 000007f75e654000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036f84a0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15739847 Ticks: 1281 (0:00:00:19.983) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017347dd0 Current fffff880173470f0 Base fffff88017348000 Limit fffff88017342000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`17347130 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`17347270 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`17347330 fffff802`b3b2943e : fffffa80`036f84a0 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`173473c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`17347540 00000000`00000001 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`17347470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`17347980 fffff802`b3b02d53 : fffffa80`01e07080 000000bd`3d3af678 fffff880`17347be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17347bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17347c40) 000000bd`3d3af658 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80018af080 Cid 03e4.09f0 Teb: 000007f75e52e000 Win32Thread: fffff9010419a010 WAIT: (WrQueue) UserMode Alertable fffffa80021b8380 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15739847 Ticks: 1281 (0:00:00:19.983) Context Switch Count 226 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880175ccdd0 Current fffff880175cc760 Base fffff880175cd000 Limit fffff880175c7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`175cc7a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`03fdb6d0 : nt!KiSwapContext+0x76 fffff880`175cc8e0 fffff802`b3b38ddb : fffff8a0`01d02350 fffff802`b3cf72ba 00000000`00000000 fffff880`175cca60 : nt!KiCommitThreadWait+0x23c fffff880`175cc9a0 fffff802`b3ed0b6c : fffffa80`021b8380 fffffa80`018af001 00000000`00000001 000000bd`3d66f700 : nt!KeRemoveQueueEx+0x26b fffff880`175cca50 fffff802`b3b434d5 : fffffa80`021b8380 000000bd`3a5eb2e0 fffff880`175ccb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`175ccae0 fffff802`b3b02d53 : 00000000`000000a4 000000bd`3a5eb2e0 000000bd`00000010 000000bd`3d66f7c0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`175ccc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175ccc40) 000000bd`3d66f768 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003faf580 Cid 03e4.073c Teb: 000007f75e52c000 Win32Thread: fffff90104118010 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003b97990 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15736411 Ticks: 4717 (0:00:01:13.585) Context Switch Count 92 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.031 Win32 Start Address SHELL32!Windows::Internal::ComTaskPool::CThread::s_ThreadProc (0x000007fef66df4a0) Stack Init fffff88015e53dd0 Current fffff88015e535f0 Base fffff88015e54000 Limit fffff88015e4e000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15e53630 fffff802`b3b2d99c : ffff7cad`457b4eaa 00000000`00000000 fffffa80`03faf6c0 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`15e53770 fffff802`b3b29c1f : 00000000`00010224 00000000`00000000 00000000`00000000 fffff802`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15e53830 fffff802`b3b2943e : fffffa80`03b97990 00000000`0000000d fffffa80`03faf501 fffff802`b3b3a300 : nt!KeWaitForSingleObject+0x1cf fffff880`15e538c0 fffff960`00153e07 : fffffa80`00000001 fffff880`15e539e0 00000000`00000002 fffff8a0`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`15e53970 fffff960`00154765 : fffffa80`018a0000 fffff901`04110000 00000000`00003dff fffff8a0`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`15e53a40 fffff960`00152e99 : fffff880`15e53cc0 00000000`00000100 00000000`00000001 00000000`00000000 : win32k!xxxSleepThread+0xc5 fffff880`15e53a90 fffff960`001545f3 : fffff880`15e53bf8 000000bd`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`15e53bb0 fffff802`b3b02d53 : fffffa80`03faf580 00000000`00000023 00000000`00000020 fffffa80`039391c0 : win32k!NtUserGetMessage+0x83 fffff880`15e53c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e53c40) 000000bd`3d6efcc8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa PROCESS fffffa8002cb2940 SessionId: 2 Cid: 0c80 Peb: 7f6c41dd000 ParentCid: 0288 DeepFreeze DirBase: 2ef45000 ObjectTable: fffff8a002f215c0 HandleCount: Image: iexplore.exe THREAD fffffa8001e4eb00 Cid 0c80.0514 Teb: 000007f6c41de000 Win32Thread: fffff901000e5b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e4ede0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 7283 IdealProcessor: 0 UserTime 00:00:00.202 KernelTime 00:00:00.296 Win32 Start Address 0x000007f6c49b1b00 Stack Init fffff880155f8dd0 Current fffff880155f8740 Base fffff880155f9000 Limit fffff880155f3000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`155f8780 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`fffeffff fffffa80`0397be40 : nt!KiSwapContext+0x76 fffff880`155f88c0 fffff802`b3b29c1f : fffffa80`03b9b090 fffff8a0`00605c20 00000000`00000000 fffffa80`0397be40 : nt!KiCommitThreadWait+0x23c fffff880`155f8980 fffff802`b3aea5e9 : fffffa80`01e4ede0 fffffa80`00000005 ffffffff`ffffff00 fffffa80`02cb2900 : nt!KeWaitForSingleObject+0x1cf fffff880`155f8a10 fffff802`b3b65940 : 00000000`000008f8 fffffa80`01e4eb00 fffff880`155f8ab8 00000000`00000028 : nt!KiSchedulerApc+0x8d fffff880`155f8a70 fffff802`b3aabfb3 : fffff880`155f8be8 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`155f8af0 fffff802`b3ec1a38 : fffffa80`03b9b090 00000000`00000000 00000021`8c33cf40 00000021`8c33c501 : nt!KiCheckForKernelApcDelivery+0x23 fffff880`155f8b20 fffff802`b3b02d53 : fffffa80`01e4eb00 fffff880`155f8cc0 fffff880`155f8be8 fffff802`b3ed0e8d : nt!NtAlpcSendWaitReceivePort+0x1e8 fffff880`155f8bd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155f8c40) 00000021`8c33cef8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa800219c080 Cid 0c80.0d88 Teb: 000007f6c41db000 Win32Thread: fffff90103f206e0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800219c360 NotificationEvent Waiting for reply to ALPC Message fffff8a0018c8030 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 6167 IdealProcessor: 0 UserTime 00:00:00.156 KernelTime 00:00:00.109 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801548ddd0 Current fffff8801548d430 Base fffff8801548e000 Limit fffff88015488000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1548d470 fffff802`b3b2d99c : fffff880`00000000 00000000`00000000 fffff8a0`00000000 fffff880`1548d740 : nt!KiSwapContext+0x76 fffff880`1548d5b0 fffff802`b3b29c1f : fffff880`1548d740 fffff802`b3a34325 00000000`00000000 fffff880`0151a500 : nt!KiCommitThreadWait+0x23c fffff880`1548d670 fffff802`b3aea5e9 : fffffa80`0219c360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1548d700 fffff802`b3b65940 : 00000000`00000000 fffffa80`0219c080 fffff880`1548d7a8 fffff8a0`01ef0b20 : nt!KiSchedulerApc+0x8d fffff880`1548d760 fffff802`b3b2dc12 : fffffa80`0219c080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`1548d7e0 fffff802`b3b29c1f : fffff8a0`00312eb0 fffff880`1548daa8 00000000`00000001 fffffa80`038b9e40 : nt!KiCommitThreadWait+0x4b0 fffff880`1548d8a0 fffff802`b3af1a0a : fffffa80`0219c428 ffffffff`00000011 00000021`00000001 00000000`03ab5901 : nt!KeWaitForSingleObject+0x1cf fffff880`1548d930 fffff802`b3ebbbd6 : 00000000`00000000 fffffa80`0219c428 00000000`00000001 00000000`00000000 : nt!AlpcpSignalAndWait+0x34a fffff880`1548d9e0 fffff802`b3ebb762 : fffffa80`03fc48e0 00000021`91b10710 00000021`8e0bef08 00000000`00000001 : nt!AlpcpReceiveSynchronousReply+0x46 fffff880`1548da40 fffff802`b3ec19c2 : fffffa80`03fc48e0 00000000`00020000 00000021`91b10710 00000021`91ab73f8 : nt!AlpcpProcessSynchronousRequest+0x350 fffff880`1548db20 fffff802`b3b02d53 : fffffa80`0219c080 fffff880`1548dcc0 fffff880`1548dbe8 00000000`00000000 : nt!NtAlpcSendWaitReceivePort+0x172 fffff880`1548dbd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1548dc40) 00000021`8e0beeb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa8001c41080 Cid 0c80.056c Teb: 000007f6c41d9000 Win32Thread: fffff90103fc23d0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001c41360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 512 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address iertutil!IsoManagerThreadNonzero_WindowsPump (0x000007fef61831f0) Stack Init fffff88015520dd0 Current fffff8801551fec0 Base fffff88015521000 Limit fffff8801551b000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1551ff00 fffff802`b3b2d99c : fffff802`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15520040 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15520100 fffff802`b3aea5e9 : fffffa80`01c41360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`15520190 fffff802`b3b65940 : 00000000`00000000 fffffa80`01c41080 fffff880`15520238 fffff8a0`00b38140 : nt!KiSchedulerApc+0x8d fffff880`155201f0 fffff802`b3b2dc12 : fffffa80`01c41080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`15520270 fffff802`b3b29c1f : 00000001`00000000 fffffa80`01815010 00000000`00000000 fffff880`15520458 : nt!KiCommitThreadWait+0x4b0 fffff880`15520330 fffff802`b3b2943e : fffffa80`032b1dc0 fffff802`00000006 00000000`00000001 00000000`00da7a00 : nt!KeWaitForSingleObject+0x1cf fffff880`155203c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`15520540 00000000`00000000 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`15520470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`15520980 fffff802`b3b02d53 : fffffa80`01c41080 00000021`8ecdf9d8 fffff880`15520be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15520bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15520c40) 00000021`8ecdf9b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80036922c0 Cid 0c80.0ec8 Teb: 000007f6c41d7000 Win32Thread: fffff90103f68710 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80036925a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee47c2b10 Stack Init fffff88015573dd0 Current fffff88015572f50 Base fffff88015574000 Limit fffff8801556e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15572f90 fffff802`b3b2d99c : fffff802`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`155730d0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 fffff802`b3ecae00 : nt!KiCommitThreadWait+0x23c fffff880`15573190 fffff802`b3aea5e9 : fffffa80`036925a0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`15573220 fffff802`b3b65940 : 00000000`00000000 fffffa80`036922c0 fffff880`155732c8 fffff880`155733b0 : nt!KiSchedulerApc+0x8d fffff880`15573280 fffff802`b3b2dc12 : fffffa80`036922c0 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`15573300 fffff802`b3b293cd : 00000000`00000000 fffff880`155734d8 00000000`00000000 ffff7cad`45c94b1a : nt!KiCommitThreadWait+0x4b0 fffff880`155733c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`15573540 fffffa80`027baf40 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15573470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`15573980 fffff802`b3b02d53 : fffffa80`036922c0 00000021`8edef4d8 fffff880`15573be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15573bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15573c40) 00000021`8edef4b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002ccf200 Cid 0c80.0fdc Teb: 000007f6c41d5000 Win32Thread: fffff901006166f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002ccf4e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 617 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880171c4dd0 Current fffff880171c4530 Base fffff880171c5000 Limit fffff880171bf000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`171c4570 fffff802`b3b2d99c : fffffa80`01ff73d0 00000000`00000000 fffffa80`02d0d498 fffff8a0`06c688b0 : nt!KiSwapContext+0x76 fffff880`171c46b0 fffff802`b3b29c1f : 00000000`00000000 00000000`0000002f 00000000`00000000 fffff802`b3d0d000 : nt!KiCommitThreadWait+0x23c fffff880`171c4770 fffff802`b3aea5e9 : fffffa80`02ccf4e0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`171c4800 fffff802`b3b65940 : 00000000`00000000 fffffa80`02ccf200 fffff880`171c48a8 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`171c4860 fffff802`b3b2dc12 : fffffa80`02ccf200 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`171c48e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`171c49a0 fffff802`b3ed0b6c : fffffa80`03da4bc0 fffffa80`02ccf201 00000000`00000001 00000021`8eeefa00 : nt!KeRemoveQueueEx+0x26b fffff880`171c4a50 fffff802`b3b434d5 : fffffa80`03da4bc0 00000021`8c4280a0 fffff880`171c4b80 00000000`7ffe03c0 : nt!IoRemoveIoCompletion+0x4c fffff880`171c4ae0 fffff802`b3b02d53 : 00000000`00000150 00000021`8c4280a0 00000000`00000010 00000021`8eeefac0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`171c4c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171c4c40) 00000021`8eeefa68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002cee240 Cid 0c80.0fa8 Teb: 000007f6c41d3000 Win32Thread: fffff90103fa79f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002cee520 NotificationEvent IRP List: fffffa80041587b0: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 529 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155ffdd0 Current fffff880155ff530 Base fffff88015600000 Limit fffff880155fa000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`155ff570 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffffa80`00000000 fffff880`009e6180 : nt!KiSwapContext+0x76 fffff880`155ff6b0 fffff802`b3b29c1f : fffff8a0`01f3c3d8 f5a00000`0299c025 00000000`00000000 fffffa80`02cb2900 : nt!KiCommitThreadWait+0x23c fffff880`155ff770 fffff802`b3aea5e9 : fffffa80`02cee520 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`155ff800 fffff802`b3b65940 : 00000000`00000000 fffffa80`02cee240 fffff880`155ff8a8 fffff8a0`00895030 : nt!KiSchedulerApc+0x8d fffff880`155ff860 fffff802`b3b2dc12 : fffffa80`02cee240 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`155ff8e0 fffff802`b3b38ddb : fffffa80`02cb2e28 00000021`8f221000 00000000`00000000 fffff802`b3b4dca1 : nt!KiCommitThreadWait+0x4b0 fffff880`155ff9a0 fffff802`b3ed0b6c : fffffa80`03da4bc0 fffffa80`02cee201 00000000`00000001 00000021`8efef800 : nt!KeRemoveQueueEx+0x26b fffff880`155ffa50 fffff802`b3b434d5 : fffffa80`03da4bc0 00000021`8c43fbd0 fffff880`155ffb80 00000018`000f0001 : nt!IoRemoveIoCompletion+0x4c fffff880`155ffae0 fffff802`b3b02d53 : 00000000`00000150 00000021`8c43fbd0 00000021`00000010 00000021`8efef8a0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`155ffc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155ffc40) 00000021`8efef848 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002cba240 Cid 0c80.0370 Teb: 000007f6c40ae000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002cba520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88015806dd0 Current fffff88015805ec0 Base fffff88015807000 Limit fffff88015801000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15805f00 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15806040 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15806100 fffff802`b3aea5e9 : fffffa80`02cba520 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`15806190 fffff802`b3b65940 : 00000000`00000000 fffffa80`02cba240 fffff880`15806238 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`158061f0 fffff802`b3b2dc12 : fffffa80`02cba240 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`15806270 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`15806330 fffff802`b3b2943e : fffffa80`01fd9ec0 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`158063c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`15806540 00000000`00000001 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`15806470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`15806980 fffff802`b3b02d53 : fffffa80`02cba240 00000021`8f0ef238 fffff880`15806be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15806bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15806c40) 00000021`8f0ef218 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002cb9200 Cid 0c80.0f58 Teb: 000007f6c40aa000 Win32Thread: fffff901000e0580 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002cb94e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 23 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address iertutil!LCIEIsComponentSharedFlagValueSet_FromComponentThread (0x000007fef61831b0) Stack Init fffff88015814dd0 Current fffff88015813ec0 Base fffff88015815000 Limit fffff8801580f000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15813f00 fffff802`b3b2d99c : fffff802`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15814040 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15814100 fffff802`b3aea5e9 : fffffa80`02cb94e0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`15814190 fffff802`b3b65940 : 00000000`00000000 fffffa80`02cb9200 fffff880`15814238 fffff880`158144f0 : nt!KiSchedulerApc+0x8d fffff880`158141f0 fffff802`b3b2dc12 : fffffa80`02cb9200 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`15814270 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00020437`00020048 : nt!KiCommitThreadWait+0x4b0 fffff880`15814330 fffff802`b3b2943e : fffffa80`036d25d0 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`158143c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`15814540 fffff880`15814b10 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`15814470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`b3d0d000 : nt!ObWaitForMultipleObjects+0x29c fffff880`15814980 fffff802`b3b02d53 : fffffa80`02cb9200 00000021`8f38f5a8 fffff880`15814be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15814bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15814c40) 00000021`8f38f588 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002caa080 Cid 0c80.0e64 Teb: 000007f6c40a8000 Win32Thread: fffff9010060b010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002caa360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee48a5f70 Stack Init fffff88015822dd0 Current fffff88015821f50 Base fffff88015823000 Limit fffff8801581d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15821f90 fffff802`b3b2d99c : fffff980`00000000 00000000`00000000 00000000`00000000 fffff880`15822620 : nt!KiSwapContext+0x76 fffff880`158220d0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15822190 fffff802`b3aea5e9 : fffffa80`02caa360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`15822220 fffff802`b3b65940 : 00000000`00000000 fffffa80`02caa080 fffff880`158222c8 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`15822280 fffff802`b3b2dc12 : fffffa80`02caa080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`15822300 fffff802`b3b293cd : fffff880`15822698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x4b0 fffff880`158223c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15822540 fffffa80`0375bca0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15822470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff8a0`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`15822980 fffff802`b3b02d53 : fffffa80`02caa080 00000021`8f48f4a8 fffff880`15822be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15822bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15822c40) 00000021`8f48f488 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800363c080 Cid 0c80.0038 Teb: 000007f6c40a6000 Win32Thread: fffff9010060b580 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800363c360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 39 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801581bdd0 Current fffff8801581af50 Base fffff8801581c000 Limit fffff88015816000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1581af90 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 fffff802`b3bc5258 : nt!KiSwapContext+0x76 fffff880`1581b0d0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1581b190 fffff802`b3aea5e9 : fffffa80`0363c360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1581b220 fffff802`b3b65940 : 00000000`00000000 fffffa80`0363c080 fffff880`1581b2c8 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`1581b280 fffff802`b3b2dc12 : fffffa80`0363c080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`1581b300 fffff802`b3b293cd : 00000000`00000000 fffff802`b3afa19e 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x4b0 fffff880`1581b3c0 fffff802`b3eca2ac : fffffa80`00000004 fffff880`1581b540 fffffa80`039102f0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1581b470 fffff802`b3eca723 : 00000000`00000004 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`1581b980 fffff802`b3b02d53 : fffffa80`0363c080 00000021`8f68f148 fffff880`1581bbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1581bbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1581bc40) 00000021`8f68f128 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80018bc240 Cid 0c80.0f50 Teb: 000007f6c40a4000 Win32Thread: fffff901006135f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80018bc520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 133 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801589cdd0 Current fffff8801589c530 Base fffff8801589d000 Limit fffff88015897000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1589c570 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 fffffa80`00000000 fffff802`00000001 : nt!KiSwapContext+0x76 fffff880`1589c6b0 fffff802`b3b29c1f : fffff8a0`01d43848 d7100000`63f99025 00000000`00000000 fffffa80`02cb2900 : nt!KiCommitThreadWait+0x23c fffff880`1589c770 fffff802`b3aea5e9 : fffffa80`018bc520 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1589c800 fffff802`b3b65940 : 00000000`00000000 fffffa80`018bc240 fffff880`1589c8a8 fffff8a0`065b60c0 : nt!KiSchedulerApc+0x8d fffff880`1589c860 fffff802`b3b2dc12 : fffffa80`018bc240 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`1589c8e0 fffff802`b3b38ddb : fffffa80`02cb2e28 00000000`00000000 00000000`00000000 fffff880`009e6180 : nt!KiCommitThreadWait+0x4b0 fffff880`1589c9a0 fffff802`b3ed0b6c : fffffa80`03da4bc0 fffffa80`018bc201 00000000`00000001 00000021`8f8bfa00 : nt!KeRemoveQueueEx+0x26b fffff880`1589ca50 fffff802`b3b434d5 : fffffa80`03da4bc0 00000021`8c474290 fffff880`1589cb80 00000018`000f0001 : nt!IoRemoveIoCompletion+0x4c fffff880`1589cae0 fffff802`b3b02d53 : 00000000`00000150 00000021`8c474290 00000021`00000010 00000021`8f8bfa00 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1589cc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1589cc40) 00000021`8f8bf9a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003610080 Cid 0c80.0e54 Teb: 000007f6c40a2000 Win32Thread: fffff90103fc29f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003610360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff880158aadd0 Current fffff880158a9f50 Base fffff880158ab000 Limit fffff880158a5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`158a9f90 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`158aa0d0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`158aa190 fffff802`b3aea5e9 : fffffa80`03610360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`158aa220 fffff802`b3b65940 : 00000000`00000000 fffffa80`03610080 fffff880`158aa2c8 fffff880`00000002 : nt!KiSchedulerApc+0x8d fffff880`158aa280 fffff802`b3b2dc12 : fffffa80`03610080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`158aa300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 ffff7cad`4514db1a : nt!KiCommitThreadWait+0x4b0 fffff880`158aa3c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`158aa540 fffffa80`04160f60 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`158aa470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff8a0`0058fb00 : nt!ObWaitForMultipleObjects+0x29c fffff880`158aa980 fffff802`b3b02d53 : fffffa80`03610080 00000021`8f9bf4b8 fffff880`158aabe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`158aabd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158aac40) 00000021`8f9bf498 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002db7900 Cid 0c80.0c9c Teb: 000007f6c40a0000 Win32Thread: fffff901006ab680 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002db7be0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 473 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158b1dd0 Current fffff880158b1530 Base fffff880158b2000 Limit fffff880158ac000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`158b1570 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 fffff880`009e6180 : nt!KiSwapContext+0x76 fffff880`158b16b0 fffff802`b3b29c1f : 00000000`00000000 00000001`00000005 00000000`00000000 fffff802`b3d0d000 : nt!KiCommitThreadWait+0x23c fffff880`158b1770 fffff802`b3aea5e9 : fffffa80`02db7be0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`158b1800 fffff802`b3b65940 : 00000000`00000000 fffffa80`02db7900 fffff880`158b18a8 fffffa80`025fc180 : nt!KiSchedulerApc+0x8d fffff880`158b1860 fffff802`b3b2dc12 : fffffa80`02db7900 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`158b18e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`158b19a0 fffff802`b3ed0b6c : fffffa80`03da4bc0 fffffa80`02db7901 00000000`00000001 00000021`8fabf500 : nt!KeRemoveQueueEx+0x26b fffff880`158b1a50 fffff802`b3b434d5 : fffffa80`03da4bc0 00000021`8c497e30 fffff880`158b1b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`158b1ae0 fffff802`b3b02d53 : 00000000`00000150 00000021`8c497e30 00000000`00000010 00000021`8fabf5b0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`158b1c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158b1c40) 00000021`8fabf558 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800210a780 Cid 0c80.0650 Teb: 000007f6c409a000 Win32Thread: fffff901006bb010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800210aa60 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 3877 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158a3dd0 Current fffff880158a3530 Base fffff880158a4000 Limit fffff8801589e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`158a3570 fffff802`b3b2d99c : fffffa80`0205dac0 00000000`00000000 fffffa80`018ca168 fffff8a0`01d12f30 : nt!KiSwapContext+0x76 fffff880`158a36b0 fffff802`b3b29c1f : 00000000`00000001 00000000`0000002f 00000000`00000000 fffff802`b3d0d000 : nt!KiCommitThreadWait+0x23c fffff880`158a3770 fffff802`b3aea5e9 : fffffa80`0210aa60 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`158a3800 fffff802`b3b65940 : 00000000`00000000 fffffa80`0210a780 fffff880`158a38a8 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`158a3860 fffff802`b3b2dc12 : fffffa80`0210a780 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`158a38e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000380 00000000`00000000 fffffa80`018ca100 : nt!KiCommitThreadWait+0x4b0 fffff880`158a39a0 fffff802`b3ed0b6c : fffffa80`03da4bc0 fffffa80`0210a701 00000000`00000001 00000021`8fdbf900 : nt!KeRemoveQueueEx+0x26b fffff880`158a3a50 fffff802`b3b434d5 : fffffa80`03da4bc0 00000021`8c49e7a0 fffff880`158a3b80 00000000`7ffe0301 : nt!IoRemoveIoCompletion+0x4c fffff880`158a3ae0 fffff802`b3b02d53 : 00000000`00000150 00000021`8c49e7a0 00000000`00000010 00000021`8fdbf9a0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`158a3c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158a3c40) 00000021`8fdbf948 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002d65240 Cid 0c80.0f40 Teb: 000007f6c4098000 Win32Thread: fffff901000d4010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d65520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 122 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address iertutil!LCIEIsComponentSharedFlagValueSet_FromComponentThread (0x000007fef61831b0) Stack Init fffff880158c6dd0 Current fffff880158c5ec0 Base fffff880158c7000 Limit fffff880158c1000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`158c5f00 fffff802`b3b2d99c : fffff802`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`158c6040 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`158c6100 fffff802`b3aea5e9 : fffffa80`02d65520 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`158c6190 fffff802`b3b65940 : 00000000`00000000 fffffa80`02d65240 fffff880`158c6238 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`158c61f0 fffff802`b3b2dc12 : fffffa80`02d65240 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`158c6270 fffff802`b3b29c1f : 00000001`ffffffff fffffa80`01815010 00000000`00000000 fffff880`158c6458 : nt!KiCommitThreadWait+0x4b0 fffff880`158c6330 fffff802`b3b2943e : fffffa80`03f81400 fffff802`00000006 00000000`00000001 00000000`00da7a00 : nt!KeWaitForSingleObject+0x1cf fffff880`158c63c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`158c6540 00000000`00000000 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`158c6470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`158c6980 fffff802`b3b02d53 : fffffa80`02d65240 00000021`8febfa18 fffff880`158c6be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`158c6bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158c6c40) 00000021`8febf9f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002d52200 Cid 0c80.0ad8 Teb: 000007f6c4094000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d524e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 20 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158cddd0 Current fffff880158cd530 Base fffff880158ce000 Limit fffff880158c8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`158cd570 fffff802`b3b2d99c : 00000001`00000000 00000000`00000000 00000000`00000000 fffff880`158cd7d8 : nt!KiSwapContext+0x76 fffff880`158cd6b0 fffff802`b3b29c1f : 00000000`00000000 00000000`0000002f 00000000`00000000 fffff802`b3d0d000 : nt!KiCommitThreadWait+0x23c fffff880`158cd770 fffff802`b3aea5e9 : fffffa80`02d524e0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`158cd800 fffff802`b3b65940 : 00000000`00000000 fffffa80`02d52200 fffff880`158cd8a8 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`158cd860 fffff802`b3b2dc12 : fffffa80`02d52200 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`158cd8e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`158cd9a0 fffff802`b3ed0b6c : fffffa80`0211a4c0 fffffa80`02d52201 00000000`00000001 00000021`9025f600 : nt!KeRemoveQueueEx+0x26b fffff880`158cda50 fffff802`b3b434d5 : fffffa80`0211a4c0 00000021`9026fe00 fffff880`158cdb80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`158cdae0 fffff802`b3b02d53 : 00000000`00000594 00000021`9026fe00 fffff880`00000010 00000021`9025f6c0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`158cdc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158cdc40) 00000021`9025f668 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002d53240 Cid 0c80.0dec Teb: 000007f6c4092000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d53520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 1073 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155e3dd0 Current fffff880155e3530 Base fffff880155e4000 Limit fffff880155de000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`155e3570 fffff802`b3b2d99c : 00000001`00000000 00000000`00000000 00000000`00000000 fffff880`155e37d8 : nt!KiSwapContext+0x76 fffff880`155e36b0 fffff802`b3b29c1f : 00000000`00000000 00000000`0000002f 00000000`00000000 fffff802`b3d0d000 : nt!KiCommitThreadWait+0x23c fffff880`155e3770 fffff802`b3aea5e9 : fffffa80`02d53520 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`155e3800 fffff802`b3b65940 : 00000000`00000000 fffffa80`02d53240 fffff880`155e38a8 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`155e3860 fffff802`b3b2dc12 : fffffa80`02d53240 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`155e38e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`155e39a0 fffff802`b3ed0b6c : fffffa80`03f6a680 fffffa80`02d53201 00000000`00000001 00000021`9068f900 : nt!KeRemoveQueueEx+0x26b fffff880`155e3a50 fffff802`b3b434d5 : fffffa80`03f6a680 00000021`902f5870 fffff880`155e3b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`155e3ae0 fffff802`b3b02d53 : 00000000`00000634 00000021`902f5870 fffff880`00000010 00000021`9068f9c0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`155e3c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155e3c40) 00000021`9068f968 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001e70340 Cid 0c80.0c40 Teb: 000007f6c40ac000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e70620 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff88016407dd0 Current fffff880164075b0 Base fffff88016408000 Limit fffff88016402000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`164075f0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff880`164077d0 fffff802`b3b65b91 : nt!KiSwapContext+0x76 fffff880`16407730 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`164077f0 fffff802`b3aea5e9 : fffffa80`01e70620 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`16407880 fffff802`b3b65940 : 00000000`00000000 fffffa80`01e70340 fffff880`16407928 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`164078e0 fffff802`b3b2dc12 : fffffa80`01e70340 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`16407960 fffff802`b3b29c1f : fffff8a0`069ce760 00000000`00000000 00000000`00000000 fffff802`b3cf72ba : nt!KiCommitThreadWait+0x4b0 fffff880`16407a20 fffff802`b3e257a4 : fffffa80`03857c78 fffff8a0`00000000 fffffa80`00000001 00000000`00abfc00 : nt!KeWaitForSingleObject+0x1cf fffff880`16407ab0 fffff802`b3e8418b : 00000000`00000100 00000000`00000000 fffff880`16407b40 00000000`00000001 : nt!EtwpReceiveNotification+0x6c fffff880`16407b20 fffff802`b3b02d53 : 00000000`00000010 00000000`00000000 fffff6fb`7dbed000 fffff6fb`7da00430 : nt!NtTraceControl+0x337 fffff880`16407bd0 000007fe`f7ec459b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16407c40) 00000021`936df808 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtTraceControl+0xa THREAD fffffa8003b84b00 Cid 0c80.0978 Teb: 000007f6c409e000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003b84de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15740837 Ticks: 291 (0:00:00:04.539) Context Switch Count 133 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff88016342dd0 Current fffff880163426d0 Base fffff88016343000 Limit fffff8801633d000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`16342710 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`16342850 fffff802`b3b29c1f : fffffa80`02ce3240 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`16342910 fffff802`b3aea5e9 : fffffa80`03b84de0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`163429a0 fffff802`b3b65940 : 00000000`00000000 fffffa80`03b84b00 fffff880`16342a48 fffff802`b3b3ab5d : nt!KiSchedulerApc+0x8d fffff880`16342a00 fffff802`b3b2dc12 : fffffa80`03b84b00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`16342a80 fffff802`b3b29c1f : fffff880`16342be8 00000021`90b7efa8 00000000`00000000 fffff802`b3ee8c86 : nt!KiCommitThreadWait+0x4b0 fffff880`16342b40 fffff802`b3ec9df6 : fffffa80`0264de40 fffffa80`00000006 00000000`00000001 fffff6fb`7da0ff00 : nt!KeWaitForSingleObject+0x1cf fffff880`16342bd0 fffff802`b3b02d53 : fffffa80`03b84b00 00000000`00000004 fffff880`16342c18 fffffa80`0264de40 : nt!NtWaitForSingleObject+0xb6 fffff880`16342c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16342c40) 00000021`90b7ef08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8002d7d4c0 Cid 0c80.0af0 Teb: 000007f6c409c000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d7d7a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015141dd0 Current fffff88015141530 Base fffff88015142000 Limit fffff8801513c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15141570 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff880`00000000 fffff802`b3b65b91 : nt!KiSwapContext+0x76 fffff880`151416b0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15141770 fffff802`b3aea5e9 : fffffa80`02d7d7a0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`15141800 fffff802`b3b65940 : 00000000`00000000 fffffa80`02d7d4c0 fffff880`151418a8 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`15141860 fffff802`b3b2dc12 : fffffa80`02d7d4c0 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`151418e0 fffff802`b3b38ddb : fffffa80`038351c0 fffff802`b3b4c9fd 00000000`00000000 00000000`00001545 : nt!KiCommitThreadWait+0x4b0 fffff880`151419a0 fffff802`b3ed0b6c : fffffa80`038351c0 fffffa80`02d7d401 00000000`00000001 00000021`937dfa00 : nt!KeRemoveQueueEx+0x26b fffff880`15141a50 fffff802`b3b434d5 : fffffa80`038351c0 00000021`91acff30 fffff880`15141b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`15141ae0 fffff802`b3b02d53 : 00000000`000004b8 00000021`91acff30 00000021`00000010 00000021`937dfad0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15141c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15141c40) 00000021`937dfa78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001f5b900 Cid 0c80.0944 Teb: 000007f6c4096000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001f5bbe0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4645990 Stack Init fffff8801515ddd0 Current fffff8801515d570 Base fffff8801515e000 Limit fffff88015158000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1515d5b0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff880`00000000 fffff802`b3b65b91 : nt!KiSwapContext+0x76 fffff880`1515d6f0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1515d7b0 fffff802`b3aea5e9 : fffffa80`01f5bbe0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1515d840 fffff802`b3b65940 : 00000000`00000000 fffffa80`01f5b900 fffff880`1515d8e8 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`1515d8a0 fffff802`b3b2dc12 : fffffa80`01f5b900 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`1515d920 fffff802`b3b38ddb : 00000000`00000000 fffff802`b3ac211e 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`1515d9e0 fffff802`b3ed0b6c : fffffa80`02cc7080 00000000`00000001 00000021`938dfb00 fffff880`1515db00 : nt!KeRemoveQueueEx+0x26b fffff880`1515da90 fffff802`b3eafcb5 : fffffa80`02cc7080 fffff880`1515db88 fffff880`1515db80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`1515db20 fffff802`b3b02d53 : fffffa80`01f5b900 00000021`938dfad8 fffff880`1515dbe8 fffff6fb`7da00430 : nt!NtRemoveIoCompletion+0x135 fffff880`1515dbd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1515dc40) 00000021`938dfab8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa PROCESS fffffa8003816940 SessionId: 2 Cid: 0d04 Peb: 7f6c3aca000 ParentCid: 0c80 DeepFreeze DirBase: 34024000 ObjectTable: fffff8a001749a00 HandleCount: Image: iexplore.exe THREAD fffffa8002ca7080 Cid 0d04.0968 Teb: 000007f6c3ace000 Win32Thread: fffff90103fa73d0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002ca7360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 196 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address 0x000007f6c49b1b00 Stack Init fffff8801580ddd0 Current fffff8801580cec0 Base fffff8801580e000 Limit fffff88015808000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1580cf00 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff880`00000000 fffff802`00000007 : nt!KiSwapContext+0x76 fffff880`1580d040 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1580d100 fffff802`b3aea5e9 : fffffa80`02ca7360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1580d190 fffff802`b3b65940 : 00000000`00000000 fffffa80`02ca7080 fffff880`1580d238 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`1580d1f0 fffff802`b3b2dc12 : fffffa80`02ca7080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`1580d270 fffff802`b3b29c1f : fffff8a0`06759468 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`1580d330 fffff802`b3b2943e : fffffa80`03613a90 00000000`00000006 fffff8a0`02736501 fffff802`b3f5bb00 : nt!KeWaitForSingleObject+0x1cf fffff880`1580d3c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`1580d540 00000000`00000000 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`1580d470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`1580d980 fffff802`b3b02d53 : fffffa80`02ca7080 00000022`79afef18 fffff880`1580dbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1580dbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1580dc40) 00000022`79afeef8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8004154080 Cid 0d04.08f8 Teb: 000007f6c3ac8000 Win32Thread: fffff901006b9b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8004154360 NotificationEvent Waiting for reply to ALPC Message fffff8a006909990 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 670 IdealProcessor: 0 UserTime 00:00:00.109 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801631fdd0 Current fffff8801631f430 Base fffff88016320000 Limit fffff8801631a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1631f470 fffff802`b3b2d99c : 00000000`00000003 00000000`00000000 00000000`00000000 00000000`00000003 : nt!KiSwapContext+0x76 fffff880`1631f5b0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 fffff802`b3b62200 : nt!KiCommitThreadWait+0x23c fffff880`1631f670 fffff802`b3aea5e9 : fffffa80`04154360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1631f700 fffff802`b3b65940 : 00000000`00000000 fffffa80`04154080 fffff880`1631f7a8 fffff8a0`01f55cf0 : nt!KiSchedulerApc+0x8d fffff880`1631f760 fffff802`b3b2dc12 : fffffa80`04154080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`1631f7e0 fffff802`b3b29c1f : fffff8a0`06ba6f00 fffff880`1631faa8 00000000`00000001 fffffa80`03b5e070 : nt!KiCommitThreadWait+0x4b0 fffff880`1631f8a0 fffff802`b3af1a0a : fffffa80`04154428 ffffffff`00000011 00000022`00000001 00000000`0d37b701 : nt!KeWaitForSingleObject+0x1cf fffff880`1631f930 fffff802`b3ebbbd6 : 00000000`00000000 fffffa80`04154428 fffff901`006b9b01 00000000`00000000 : nt!AlpcpSignalAndWait+0x34a fffff880`1631f9e0 fffff802`b3ebb762 : fffffa80`03616070 00000022`03c51290 00000022`7c4ff178 00000000`00000001 : nt!AlpcpReceiveSynchronousReply+0x46 fffff880`1631fa40 fffff802`b3ec19c2 : fffffa80`03616070 000007fe`00020000 00000022`03c51290 00000022`7f73be88 : nt!AlpcpProcessSynchronousRequest+0x350 fffff880`1631fb20 fffff802`b3b02d53 : fffffa80`04154080 fffff880`1631fcc0 fffff880`1631fbe8 000007fe`f7bd7070 : nt!NtAlpcSendWaitReceivePort+0x172 fffff880`1631fbd0 000007fe`f7ec347b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1631fc40) 00000022`7c4ff128 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtAlpcSendWaitReceivePort+0xa THREAD fffffa8001dd6b00 Cid 0d04.0728 Teb: 000007f6c3ac6000 Win32Thread: fffff901006b7860 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001dd6de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 30 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee69746d4 Stack Init fffff880162afdd0 Current fffff880162aeec0 Base fffff880162b0000 Limit fffff880162aa000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`162aef00 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 fffff802`b3dd8460 : nt!KiSwapContext+0x76 fffff880`162af040 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`162af100 fffff802`b3aea5e9 : fffffa80`01dd6de0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`162af190 fffff802`b3b65940 : 00000000`00000000 fffffa80`01dd6b00 fffff880`162af238 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`162af1f0 fffff802`b3b2dc12 : fffffa80`01dd6b00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`162af270 fffff802`b3b29c1f : 00000000`00000000 fffff880`162af460 00000000`00000000 00000010`648e0001 : nt!KiCommitThreadWait+0x4b0 fffff880`162af330 fffff802`b3b2943e : fffffa80`03e2b330 fffffa80`00000006 fffff680`11032401 fffff700`01080000 : nt!KeWaitForSingleObject+0x1cf fffff880`162af3c0 fffff802`b3eca2ac : 00000000`00000001 fffff880`162af540 00000000`00000000 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`162af470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`162af980 fffff802`b3b02d53 : fffffa80`01dd6b00 00000022`7c5ff5a8 fffff880`162afbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`162afbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162afc40) 00000022`7c5ff588 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001decb00 Cid 0d04.0c54 Teb: 000007f6c399e000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001decde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee69746d4 Stack Init fffff88016326dd0 Current fffff88016325ec0 Base fffff88016327000 Limit fffff88016321000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`16325f00 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000001 : nt!KiSwapContext+0x76 fffff880`16326040 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`16326100 fffff802`b3aea5e9 : fffffa80`01decde0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`16326190 fffff802`b3b65940 : 00000000`00000000 fffffa80`01decb00 fffff880`16326238 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`163261f0 fffff802`b3b2dc12 : fffffa80`01decb00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`16326270 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`16326330 fffff802`b3b2943e : fffffa80`01d09ec0 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`163263c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`16326540 00000000`00000001 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`16326470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`16326980 fffff802`b3b02d53 : fffffa80`01decb00 00000022`7c7fefb8 fffff880`16326be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16326bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16326c40) 00000022`7c7fef98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800415a5c0 Cid 0d04.0f90 Teb: 000007f6c399c000 Win32Thread: fffff901006a9830 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800415a8a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12394 IdealProcessor: 0 UserTime 00:00:02.683 KernelTime 00:00:00.811 Win32 Start Address 0x000007fee69746d4 Stack Init fffff880162bddd0 Current fffff880162bd540 Base fffff880162be000 Limit fffff880162b8000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`162bd580 fffff802`b3b2d99c : fffff8a0`026a6160 00000000`00000000 00000000`00000000 fffffa80`041a3030 : nt!KiSwapContext+0x76 fffff880`162bd6c0 fffff802`b3b29c1f : fffff880`162bd7b8 fffff880`162bd7a3 00000000`00000000 fffff880`162bd900 : nt!KiCommitThreadWait+0x23c fffff880`162bd780 fffff802`b3aea5e9 : fffffa80`0415a8a0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`162bd810 fffff802`b3b65940 : 00000000`00000000 fffffa80`0415a5c0 fffff880`162bd8b8 fffff802`b3ecaebf : nt!KiSchedulerApc+0x8d fffff880`162bd870 fffff802`b3b2dc12 : fffffa80`0415a5c0 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`162bd8f0 fffff802`b3b29c1f : fffff880`162bda01 fffff880`00000000 00000000`00000000 fffff901`006a9af8 : nt!KiCommitThreadWait+0x4b0 fffff880`162bd9b0 fffff802`b3b2943e : fffffa80`01e51280 fffffa80`0000000d fffffa80`01812d01 fffff8a0`00000c00 : nt!KeWaitForSingleObject+0x1cf fffff880`162bda40 fffff960`00153e07 : 00000022`00000001 fffff880`162bdb60 fffff880`162bdcc0 fffff802`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`162bdaf0 fffff960`00154765 : 00000000`00000000 fffff901`006a0000 00000000`00003cff fffff802`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`162bdbc0 fffff960`001f0c6f : fffff880`162bdcc0 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!xxxSleepThread+0xc5 fffff880`162bdc10 fffff802`b3b02d53 : fffffa80`0415a5c0 fffffa80`0415a5c0 00000000`0017c85d 00000000`00000000 : win32k!NtUserWaitMessage+0x40 fffff880`162bdc40 000007fe`f56c29aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`162bdc40) 00000022`7cafc778 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserWaitMessage+0xa THREAD fffffa8001e58b00 Cid 0d04.0c70 Teb: 000007f6c3998000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e58de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15740837 Ticks: 291 (0:00:00:04.539) Context Switch Count 256 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee69746d4 Stack Init fffff88016229dd0 Current fffff880162296d0 Base fffff8801622a000 Limit fffff88016224000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`16229710 fffff802`b3b2d99c : fffffa80`01e58b00 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`16229850 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`16229910 fffff802`b3aea5e9 : fffffa80`01e58de0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`162299a0 fffff802`b3b65940 : 00000000`00000000 fffffa80`01e58b00 fffff880`16229a48 fffff802`b3b3ab5d : nt!KiSchedulerApc+0x8d fffff880`16229a00 fffff802`b3b2dc12 : fffffa80`01e58b00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`16229a80 fffff802`b3b29c1f : fffff880`16229be8 00000022`7da1f238 00000000`00000000 fffff802`b3ee8c86 : nt!KiCommitThreadWait+0x4b0 fffff880`16229b40 fffff802`b3ec9df6 : fffffa80`01eb47d0 fffffa80`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`16229bd0 fffff802`b3b02d53 : fffffa80`01e58b00 00000000`00000004 fffff880`16229c18 fffffa80`01eb47d0 : nt!NtWaitForSingleObject+0xb6 fffff880`16229c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16229c40) 00000022`7da1f198 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001e52b00 Cid 0d04.085c Teb: 000007f6c3996000 Win32Thread: fffff901000e0b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e52de0 NotificationEvent IRP List: fffffa80018ed010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 542 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161f0dd0 Current fffff880161f0530 Base fffff880161f1000 Limit fffff880161eb000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`161f0570 fffff802`b3b2d99c : fffff680`11000200 00000000`00000000 fffffa80`0179fa40 fffff802`b3b3fc3e : nt!KiSwapContext+0x76 fffff880`161f06b0 fffff802`b3b29c1f : fffff802`b3dd8460 00000000`00000000 00000000`00000000 00000000`00037400 : nt!KiCommitThreadWait+0x23c fffff880`161f0770 fffff802`b3aea5e9 : fffffa80`01e52de0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`161f0800 fffff802`b3b65940 : 00000000`00000000 fffffa80`01e52b00 fffff880`161f08a8 00000000`00000001 : nt!KiSchedulerApc+0x8d fffff880`161f0860 fffff802`b3b2dc12 : fffffa80`01e52b00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`161f08e0 fffff802`b3b38ddb : 00000000`00000000 00000000`74636553 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`161f09a0 fffff802`b3ed0b6c : fffffa80`0407a500 fffffa80`01e52b01 00000000`00000001 00000022`7dc1fa00 : nt!KeRemoveQueueEx+0x26b fffff880`161f0a50 fffff802`b3b434d5 : fffffa80`0407a500 00000022`79d44010 fffff880`161f0b80 fffff8a0`0072f690 : nt!IoRemoveIoCompletion+0x4c fffff880`161f0ae0 fffff802`b3b02d53 : 00000000`00000138 00000022`79d44010 00000022`00000010 00000022`7dc1faa0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`161f0c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161f0c40) 00000022`7dc1fa48 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800418ab00 Cid 0d04.0de0 Teb: 000007f6c3994000 Win32Thread: fffff901006c7b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800418ade0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 229 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161dbdd0 Current fffff880161db530 Base fffff880161dc000 Limit fffff880161d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`161db570 fffff802`b3b2d99c : fffff680`00000001 00000000`00000000 fffff157`00000001 fffff802`b3b3fc3e : nt!KiSwapContext+0x76 fffff880`161db6b0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`161db770 fffff802`b3aea5e9 : fffffa80`0418ade0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`161db800 fffff802`b3b65940 : 00000000`00000000 fffffa80`0418ab00 fffff880`161db8a8 000007fe`ec04e000 : nt!KiSchedulerApc+0x8d fffff880`161db860 fffff802`b3b2dc12 : fffffa80`0418ab00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`161db8e0 fffff802`b3b38ddb : 00000014`00000000 000007fe`ec04e000 00000000`00000000 00000022`7eca16c8 : nt!KiCommitThreadWait+0x4b0 fffff880`161db9a0 fffff802`b3ed0b6c : fffffa80`0407a500 fffffa80`0418ab01 00000000`00000001 00000022`7dd1f900 : nt!KeRemoveQueueEx+0x26b fffff880`161dba50 fffff802`b3b434d5 : fffffa80`0407a500 00000022`79d4b3c0 fffff880`161dbb80 00000000`00000001 : nt!IoRemoveIoCompletion+0x4c fffff880`161dbae0 fffff802`b3b02d53 : 00000000`00000138 00000022`79d4b3c0 fffff880`00000010 00000022`7dd1f990 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`161dbc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`161dbc40) 00000022`7dd1f938 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800418a380 Cid 0d04.0f74 Teb: 000007f6c3990000 Win32Thread: fffff901006c5b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800418a660 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 220 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016237dd0 Current fffff88016237530 Base fffff88016238000 Limit fffff88016232000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`16237570 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 00000000`00000000 fffffa80`0418a380 : nt!KiSwapContext+0x76 fffff880`162376b0 fffff802`b3b29c1f : 00000000`00000000 fffff8a0`06b35550 00000000`00000000 fffffa80`01e4d700 : nt!KiCommitThreadWait+0x23c fffff880`16237770 fffff802`b3aea5e9 : fffffa80`0418a660 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`16237800 fffff802`b3b65940 : 00000000`00000000 fffffa80`0418a380 fffff880`162378a8 fffffa80`0418a728 : nt!KiSchedulerApc+0x8d fffff880`16237860 fffff802`b3b2dc12 : fffffa80`0418a380 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`162378e0 fffff802`b3b38ddb : 00000000`60000000 00000000`00000000 00000000`00000000 fffff802`b3d7f180 : nt!KiCommitThreadWait+0x4b0 fffff880`162379a0 fffff802`b3ed0b6c : fffffa80`0407a500 fffffa80`0418a301 00000000`00000001 00000022`7df1f900 : nt!KeRemoveQueueEx+0x26b fffff880`16237a50 fffff802`b3b434d5 : fffffa80`0407a500 00000022`79d4e610 fffff880`16237b80 00000000`00000001 : nt!IoRemoveIoCompletion+0x4c fffff880`16237ae0 fffff802`b3b02d53 : 00000000`00000138 00000022`79d4e610 00000000`00000010 00000022`7df1f9a0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16237c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16237c40) 00000022`7df1f948 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001c3e3c0 Cid 0d04.0864 Teb: 000007f6c398e000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001c3e6a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 33 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee69746d4 Stack Init fffff8801637add0 Current fffff8801637a570 Base fffff8801637b000 Limit fffff88016375000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1637a5b0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff880`1637a790 fffff802`b3b65b91 : nt!KiSwapContext+0x76 fffff880`1637a6f0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1637a7b0 fffff802`b3aea5e9 : fffffa80`01c3e6a0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1637a840 fffff802`b3b65940 : 00000000`00000000 fffffa80`01c3e3c0 fffff880`1637a8e8 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`1637a8a0 fffff802`b3b2dc12 : fffffa80`01c3e3c0 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`1637a920 fffff802`b3b38ddb : 00000000`00000000 fffff802`b3ac211e 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`1637a9e0 fffff802`b3ed0b6c : fffffa80`037db540 00000000`00000001 00000022`7e01fa00 fffff880`1637ab00 : nt!KeRemoveQueueEx+0x26b fffff880`1637aa90 fffff802`b3eafcb5 : fffffa80`037db540 fffff880`1637ab88 fffff880`1637ab80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`1637ab20 fffff802`b3b02d53 : fffffa80`01c3e3c0 00000022`7e01fa58 fffff880`1637abe8 fffff802`b3afcbad : nt!NtRemoveIoCompletion+0x135 fffff880`1637abd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1637ac40) 00000022`7e01fa38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa THREAD fffffa8001e74080 Cid 0d04.0e60 Teb: 000007f6c398c000 Win32Thread: fffff901006bd010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e74360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 54 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017211dd0 Current fffff880172116d0 Base fffff88017212000 Limit fffff8801720c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`17211710 fffff802`b3b2d99c : ffff7cad`47bf6e4a 00000000`00000000 fffffa80`01e741c0 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`17211850 fffff802`b3b29c1f : 00000000`00000000 00000000`00000001 00000000`00000000 fffff802`b3af1a00 : nt!KiCommitThreadWait+0x23c fffff880`17211910 fffff802`b3aea5e9 : fffffa80`01e74360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`172119a0 fffff802`b3b65940 : 00000000`00000000 fffffa80`01e74080 fffff880`17211a48 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`17211a00 fffff802`b3b2dc12 : fffffa80`01e74080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`17211a80 fffff802`b3b29c1f : 00000022`03c51290 00000022`7e11ef68 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`17211b40 fffff802`b3ec9df6 : fffffa80`03d8b440 fffff880`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`17211bd0 fffff802`b3b02d53 : fffffa80`01e74080 00000022`79d0ec20 00000000`00000000 fffffa80`03d8b440 : nt!NtWaitForSingleObject+0xb6 fffff880`17211c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17211c40) 00000022`7e11f6e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa80026a3b00 Cid 0d04.0cc0 Teb: 000007f6c398a000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80026a3de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158e9dd0 Current fffff880158e9530 Base fffff880158ea000 Limit fffff880158e4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`158e9570 fffff802`b3b2d99c : fffff802`00000001 00000000`00000000 00000001`00000001 fffffa80`01815010 : nt!KiSwapContext+0x76 fffff880`158e96b0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`158e9770 fffff802`b3aea5e9 : fffffa80`026a3de0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`158e9800 fffff802`b3b65940 : 00000000`00000000 fffffa80`026a3b00 fffff880`158e98a8 fffff802`b3cf813e : nt!KiSchedulerApc+0x8d fffff880`158e9860 fffff802`b3b2dc12 : fffffa80`026a3b00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`158e98e0 fffff802`b3b38ddb : fffff8a0`018db1c0 fffff880`158e9cc0 00000000`00000000 fffff802`b3ec9d35 : nt!KiCommitThreadWait+0x4b0 fffff880`158e99a0 fffff802`b3ed0b6c : fffffa80`0205a9c0 fffffa80`026a3b01 00000000`00000001 00000022`7e31fb00 : nt!KeRemoveQueueEx+0x26b fffff880`158e9a50 fffff802`b3b434d5 : fffffa80`0205a9c0 00000022`79d486e0 fffff880`158e9b80 00000000`00000001 : nt!IoRemoveIoCompletion+0x4c fffff880`158e9ae0 fffff802`b3b02d53 : 00000000`00000528 00000022`79d486e0 00000022`00000010 00000022`7e31fb00 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`158e9c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158e9c40) 00000022`7e31faa8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8002064080 Cid 0d04.0fe0 Teb: 000007f6c3986000 Win32Thread: fffff901006d3010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002064360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 195 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.015 Win32 Start Address 0x000007fee69746d4 Stack Init fffff88016400dd0 Current fffff880163fff50 Base fffff88016401000 Limit fffff880163fb000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`163fff90 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`164000d0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`16400190 fffff802`b3aea5e9 : fffffa80`02064360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`16400220 fffff802`b3b65940 : 00000000`00000000 fffffa80`02064080 fffff880`164002c8 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`16400280 fffff802`b3b2dc12 : fffffa80`02064080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`16400300 fffff802`b3b293cd : fffffa80`038a33f0 00000001`00000006 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`164003c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`16400540 fffffa80`037a7470 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16400470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`164009b0 fffff802`b3b2d9db : nt!ObWaitForMultipleObjects+0x29c fffff880`16400980 fffff802`b3b02d53 : fffffa80`02064080 00000022`7e70f438 fffff880`16400be8 00000022`7e70f460 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16400bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16400c40) 00000022`7e70f418 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8004050b00 Cid 0d04.0b5c Teb: 000007f6c3984000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8004050de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 104 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.015 Win32 Start Address 0x000007fee69746d4 Stack Init fffff880172f2dd0 Current fffff880172f1f50 Base fffff880172f3000 Limit fffff880172ed000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`172f1f90 fffff802`b3b2d99c : fffffa80`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`172f20d0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`172f2190 fffff802`b3aea5e9 : fffffa80`04050de0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`172f2220 fffff802`b3b65940 : 00000000`00000000 fffffa80`04050b00 fffff880`172f22c8 00000058`cd561ad8 : nt!KiSchedulerApc+0x8d fffff880`172f2280 fffff802`b3b2dc12 : fffffa80`04050b00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`172f2300 fffff802`b3b293cd : 00000000`00000000 fffff802`b3dd8280 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`172f23c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`172f2540 fffffa80`036c6fe0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`172f2470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff680`11033600 : nt!ObWaitForMultipleObjects+0x29c fffff880`172f2980 fffff802`b3b02d53 : fffffa80`04050b00 00000022`7e80faa8 fffff880`172f2be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`172f2bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172f2c40) 00000022`7e80fa88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001d27080 Cid 0d04.0c4c Teb: 000007f6c3982000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001d27360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 686 IdealProcessor: 0 UserTime 00:00:00.405 KernelTime 00:00:00.015 Win32 Start Address 0x000007fee69746d4 Stack Init fffff88014f2cdd0 Current fffff88014f2c6d0 Base fffff88014f2d000 Limit fffff88014f27000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14f2c710 fffff802`b3b2d99c : fffff802`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14f2c850 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`14f2c910 fffff802`b3aea5e9 : fffffa80`01d27360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`14f2c9a0 fffff802`b3b65940 : 00000000`00000000 fffffa80`01d27080 fffff880`14f2ca48 00000000`00000001 : nt!KiSchedulerApc+0x8d fffff880`14f2ca00 fffff802`b3b2dc12 : fffffa80`01d27080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`14f2ca80 fffff802`b3b29c1f : 00000022`068f9000 00000000`00000000 00000000`00000000 fffffa80`03816940 : nt!KiCommitThreadWait+0x4b0 fffff880`14f2cb40 fffff802`b3ec9df6 : fffffa80`03b86540 fffffa80`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`14f2cbd0 fffff802`b3b02d53 : fffffa80`01d27080 00000000`ffffffff 00000000`00000000 fffffa80`03b86540 : nt!NtWaitForSingleObject+0xb6 fffff880`14f2cc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14f2cc40) 00000022`7e90f938 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8002d24240 Cid 0d04.0cec Teb: 000007f6c3980000 Win32Thread: fffff901006d3b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d24520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 156 IdealProcessor: 0 UserTime 00:00:00.124 KernelTime 00:00:00.031 Win32 Start Address 0x000007fee69746d4 Stack Init fffff880158dbdd0 Current fffff880158daf50 Base fffff880158dc000 Limit fffff880158d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`158daf90 fffff802`b3b2d99c : fffff802`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`158db0d0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`158db190 fffff802`b3aea5e9 : fffffa80`02d24520 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`158db220 fffff802`b3b65940 : 00000000`00000000 fffffa80`02d24240 fffff880`158db2c8 fffff880`0358527d : nt!KiSchedulerApc+0x8d fffff880`158db280 fffff802`b3b2dc12 : fffffa80`02d24240 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`158db300 fffff802`b3b293cd : fffffa80`01cdc4c0 fffff802`00000006 00000000`00000000 fffff880`03e71000 : nt!KiCommitThreadWait+0x4b0 fffff880`158db3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`158db540 fffffa80`0380ea60 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`158db470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 fffff880`158db9b0 fffff802`b3b2d9db : nt!ObWaitForMultipleObjects+0x29c fffff880`158db980 fffff802`b3b02d53 : fffffa80`02d24240 00000022`7ea2f568 fffff880`158dbbe8 00000022`7ea2f590 : nt!NtWaitForMultipleObjects+0xe3 fffff880`158dbbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158dbc40) 00000022`7ea2f548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80020b8b00 Cid 0d04.0a4c Teb: 000007f6c397c000 Win32Thread: fffff901006d5010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80020b8de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 153 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee69746d4 Stack Init fffff880154f6dd0 Current fffff880154f63c0 Base fffff880154f7000 Limit fffff880154f1000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`154f6400 fffff802`b3b2d99c : fffff802`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`154f6540 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`154f6600 fffff802`b3aea5e9 : fffffa80`020b8de0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`154f6690 fffff802`b3b65940 : 00000000`00000000 fffffa80`020b8b00 fffff880`154f6738 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`154f66f0 fffff802`b3b2dc12 : fffffa80`020b8b00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`154f6770 fffff802`b3b29c1f : fffffa80`0263ee70 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`154f6830 fffff802`b3b2943e : fffffa80`01cdffe0 00000000`0000000d fffffa80`020b8b01 fffff802`b3b3a300 : nt!KeWaitForSingleObject+0x1cf fffff880`154f68c0 fffff960`00153e07 : 00000000`00000001 fffff880`154f69e0 00000000`00000000 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`154f6970 fffff960`00154765 : fffff901`040b0000 fffff901`006d0000 00000000`00003dff 00000000`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`154f6a40 fffff960`00152e99 : fffff880`154f6cc0 00000000`00000100 00000000`00000001 00000000`00000000 : win32k!xxxSleepThread+0xc5 fffff880`154f6a90 fffff960`001545f3 : fffff880`154f6bf8 00000022`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`154f6bb0 fffff802`b3b02d53 : fffffa80`020b8b00 00000000`00000000 00000000`00000020 fffffa80`02cd73f0 : win32k!NtUserGetMessage+0x83 fffff880`154f6c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`154f6c40) 00000022`7f1af928 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8001dfb080 Cid 0d04.0c6c Teb: 000007f6c397a000 Win32Thread: fffff9010069bb90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001dfb360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 512 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee69746d4 Stack Init fffff88015948dd0 Current fffff880159486d0 Base fffff88015949000 Limit fffff88015943000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15948710 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15948850 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15948910 fffff802`b3aea5e9 : fffffa80`01dfb360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`159489a0 fffff802`b3b65940 : 00000000`00000000 fffffa80`01dfb080 fffff880`15948a48 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`15948a00 fffff802`b3b2dc12 : fffffa80`01dfb080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`15948a80 fffff802`b3b29c1f : 00000000`00000000 fffff802`b3d7f180 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`15948b40 fffff802`b3ec9df6 : fffffa80`02cd73f0 fffff802`00000006 00000000`00000001 fffff802`b3ed0e00 : nt!KeWaitForSingleObject+0x1cf fffff880`15948bd0 fffff802`b3b02d53 : fffffa80`01dfb080 00000000`ffffffff 00000000`00000000 fffffa80`02cd73f0 : nt!NtWaitForSingleObject+0xb6 fffff880`15948c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15948c40) 00000022`7f2af9f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8003629900 Cid 0d04.05a0 Teb: 000007f6c3978000 Win32Thread: fffff901006d5710 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003629be0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 1296 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address 0x000007fee69746d4 Stack Init fffff880158e2dd0 Current fffff880158e1f50 Base fffff880158e3000 Limit fffff880158dd000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`158e1f90 fffff802`b3b2d99c : fffff802`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`158e20d0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`158e2190 fffff802`b3aea5e9 : fffffa80`03629be0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`158e2220 fffff802`b3b65940 : 00000000`00000000 fffffa80`03629900 fffff880`158e22c8 fffff802`00000002 : nt!KiSchedulerApc+0x8d fffff880`158e2280 fffff802`b3b2dc12 : fffffa80`03629900 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`158e2300 fffff802`b3b293cd : fffff880`158e2520 00000001`00000005 00000000`00000000 00000000`00da7a64 : nt!KiCommitThreadWait+0x4b0 fffff880`158e23c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`158e2540 fffffa80`01cdfed0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`158e2470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3d0d000 : nt!ObWaitForMultipleObjects+0x29c fffff880`158e2980 fffff802`b3b02d53 : fffffa80`03629900 00000022`7f3af498 fffff880`158e2be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`158e2bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`158e2c40) 00000022`7f3af478 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800404cb00 Cid 0d04.0508 Teb: 000007f6c3976000 Win32Thread: fffff90103fe5710 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800404cde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee69746d4 Stack Init fffff88017248dd0 Current fffff88017247f50 Base fffff88017249000 Limit fffff88017243000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`17247f90 fffff802`b3b2d99c : fffff980`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`172480d0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`17248190 fffff802`b3aea5e9 : fffffa80`0404cde0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`17248220 fffff802`b3b65940 : 00000000`00000000 fffffa80`0404cb00 fffff880`172482c8 fffff880`00000002 : nt!KiSchedulerApc+0x8d fffff880`17248280 fffff802`b3b2dc12 : fffffa80`0404cb00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`17248300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 ffff7cad`47bafb1a : nt!KiCommitThreadWait+0x4b0 fffff880`172483c0 fffff802`b3eca2ac : 00000000`00000002 fffff880`17248540 fffffa80`02611210 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17248470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000010 : nt!ObWaitForMultipleObjects+0x29c fffff880`17248980 fffff802`b3b02d53 : fffffa80`0404cb00 00000022`0446f638 fffff880`17248be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17248bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17248c40) 00000022`0446f618 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800398db00 Cid 0d04.03ac Teb: 000007f6c3974000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800398dde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ea0dd0 Current fffff88015ea0530 Base fffff88015ea1000 Limit fffff88015e9b000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15ea0570 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff880`00000001 fffff802`b3b65b91 : nt!KiSwapContext+0x76 fffff880`15ea06b0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15ea0770 fffff802`b3aea5e9 : fffffa80`0398dde0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`15ea0800 fffff802`b3b65940 : 00000000`00000000 fffffa80`0398db00 fffff880`15ea08a8 fffff802`b3b916cc : nt!KiSchedulerApc+0x8d fffff880`15ea0860 fffff802`b3b2dc12 : fffffa80`0398db00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`15ea08e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`15ea09a0 fffff802`b3ed0b6c : fffffa80`03b5bb00 fffffa80`0398db01 00000000`00000001 00000022`0456fa00 : nt!KeRemoveQueueEx+0x26b fffff880`15ea0a50 fffff802`b3b434d5 : fffffa80`03b5bb00 00000022`03b028d0 fffff880`15ea0b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`15ea0ae0 fffff802`b3b02d53 : 00000000`000009c8 00000022`03b028d0 fffff880`00000010 00000022`0456fa50 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15ea0c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15ea0c40) 00000022`0456f9f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800200f480 Cid 0d04.0398 Teb: 000007f6c399a000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800200f760 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff8800319bdd0 Current fffff8800319b5b0 Base fffff8800319c000 Limit fffff88003196000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`0319b5f0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`0319b730 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`0319b7f0 fffff802`b3aea5e9 : fffffa80`0200f760 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`0319b880 fffff802`b3b65940 : 00000000`00000000 fffffa80`0200f480 fffff880`0319b928 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`0319b8e0 fffff802`b3b2dc12 : fffffa80`0200f480 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`0319b960 fffff802`b3b29c1f : fffff8a0`02777c80 00000000`00000000 00000000`00000000 fffff802`b3cf72ba : nt!KiCommitThreadWait+0x4b0 fffff880`0319ba20 fffff802`b3e257a4 : fffffa80`03644d68 fffff8a0`00000000 fffffa80`00000001 00000000`00abfc00 : nt!KeWaitForSingleObject+0x1cf fffff880`0319bab0 fffff802`b3e8418b : 00000000`00000100 00000000`00000000 fffff880`0319bb40 00000000`00000001 : nt!EtwpReceiveNotification+0x6c fffff880`0319bb20 fffff802`b3b02d53 : 00000000`00000010 00000000`00000000 fffff6fb`7dbed078 fffff6fb`7da0ffd8 : nt!NtTraceControl+0x337 fffff880`0319bbd0 000007fe`f7ec459b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0319bc40) 00000022`048efd58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtTraceControl+0xa PROCESS fffffa8001f7b7c0 SessionId: 2 Cid: 0e74 Peb: 7f6c39d9000 ParentCid: 0c80 DeepFreeze DirBase: 6772a000 ObjectTable: fffff8a0084321c0 HandleCount: Image: iexplore.exe THREAD fffffa8001d50700 Cid 0e74.0184 Teb: 000007f6c39de000 Win32Thread: fffff90103fed5e0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001d509e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 88 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address 0x000007f6c49b1b00 Stack Init fffff880171f5dd0 Current fffff880171f4ec0 Base fffff880171f6000 Limit fffff880171f0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`171f4f00 fffff802`b3b2d99c : fffff802`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`171f5040 fffff802`b3b29c1f : fffffa80`01d50700 fffff880`171f5770 00000000`00000000 fffff880`171f5500 : nt!KiCommitThreadWait+0x23c fffff880`171f5100 fffff802`b3aea5e9 : fffffa80`01d509e0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`171f5190 fffff802`b3b65940 : 00000000`00000000 fffffa80`01d50700 fffff880`171f5238 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`171f51f0 fffff802`b3b2dc12 : fffffa80`01d50700 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`171f5270 fffff802`b3b29c1f : fffff8a0`06759468 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`171f5330 fffff802`b3b2943e : fffffa80`01ff87c0 00000000`00000006 fffff8a0`065a0b01 fffff802`b3f5bb00 : nt!KeWaitForSingleObject+0x1cf fffff880`171f53c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`171f5540 fffff880`171f5b10 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`171f5470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`171f5980 fffff802`b3b02d53 : fffffa80`01d50700 00000047`cd40f3d8 fffff880`171f5be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`171f5bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171f5c40) 00000047`cd40f3b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80018ffb00 Cid 0e74.0b44 Teb: 000007f6c39dc000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80018ffde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 52 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017076dd0 Current fffff880170766d0 Base fffff88017077000 Limit fffff88017071000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`17076710 fffff802`b3b2d99c : ffff7cad`47991e4a 00000000`00000000 fffffa80`018ffc40 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`17076850 fffff802`b3b29c1f : 00000000`00000000 00000000`00000001 00000000`00000000 fffff802`b3af1a00 : nt!KiCommitThreadWait+0x23c fffff880`17076910 fffff802`b3aea5e9 : fffffa80`018ffde0 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`170769a0 fffff802`b3b65940 : 00000000`00000000 fffffa80`018ffb00 fffff880`17076a48 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`17076a00 fffff802`b3b2dc12 : fffffa80`018ffb00 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`17076a80 fffff802`b3b29c1f : 00000047`cd60fc60 00000047`cd7becd8 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`17076b40 fffff802`b3ec9df6 : fffffa80`01fa4710 fffff880`00000006 00000000`00000001 fffff802`b3f4c300 : nt!KeWaitForSingleObject+0x1cf fffff880`17076bd0 fffff802`b3b02d53 : fffffa80`018ffb00 00000047`cd5f7840 00000000`00000000 fffffa80`01fa4710 : nt!NtWaitForSingleObject+0xb6 fffff880`17076c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17076c40) 00000047`cd7bf458 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa800377f080 Cid 0e74.0844 Teb: 000007f6c39da000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800377f360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003dc8dd0 Current fffff88003dc8530 Base fffff88003dc9000 Limit fffff88003dc3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`03dc8570 fffff802`b3b2d99c : fffff802`b3a89000 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03dc86b0 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`03dc8770 fffff802`b3aea5e9 : fffffa80`0377f360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`03dc8800 fffff802`b3b65940 : 00000000`00000000 fffffa80`0377f080 fffff880`03dc88a8 fffffa80`0377f428 : nt!KiSchedulerApc+0x8d fffff880`03dc8860 fffff802`b3b2dc12 : fffffa80`0377f080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`03dc88e0 fffff802`b3b38ddb : 00000000`60000000 fffff880`03dc8a70 00000000`00000000 00000047`cd633ea8 : nt!KiCommitThreadWait+0x4b0 fffff880`03dc89a0 fffff802`b3ed0b6c : fffffa80`02eabe40 fffffa80`0377f001 00000000`00000001 00000047`cf34fc00 : nt!KeRemoveQueueEx+0x26b fffff880`03dc8a50 fffff802`b3b434d5 : fffffa80`02eabe40 00000047`cd60a090 fffff880`03dc8b80 00000000`00000001 : nt!IoRemoveIoCompletion+0x4c fffff880`03dc8ae0 fffff802`b3b02d53 : 00000000`00000188 00000047`cd60a090 00000047`00000010 00000047`cf34fcc0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03dc8c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03dc8c40) 00000047`cf34fc68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003eff080 Cid 0e74.00e0 Teb: 000007f6c39d7000 Win32Thread: fffff901006e5b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003eff360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fee69746d4 Stack Init fffff8801700ddd0 Current fffff8801700cec0 Base fffff8801700e000 Limit fffff88017008000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1700cf00 fffff802`b3b2d99c : 00000000`00000005 00000000`00000000 00000000`00000002 fffff802`b3ec00be : nt!KiSwapContext+0x76 fffff880`1700d040 fffff802`b3b29c1f : fffff880`1700d610 fffff880`1700d770 00000000`00000000 fffff880`1700d500 : nt!KiCommitThreadWait+0x23c fffff880`1700d100 fffff802`b3aea5e9 : fffffa80`03eff360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1700d190 fffff802`b3b65940 : 00000000`00000000 fffffa80`03eff080 fffff880`1700d238 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`1700d1f0 fffff802`b3b2dc12 : fffffa80`03eff080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`1700d270 fffff802`b3b29c1f : fffff8a0`06759468 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x4b0 fffff880`1700d330 fffff802`b3b2943e : fffffa80`02186540 00000000`00000006 fffff8a0`065a0b01 fffff802`b3f5bb00 : nt!KeWaitForSingleObject+0x1cf fffff880`1700d3c0 fffff802`b3eca2ac : 00000000`00000001 fffff880`1700d540 fffff880`1700db10 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`1700d470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff8a0`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`1700d980 fffff802`b3b02d53 : fffffa80`03eff080 00000047`cff8f398 fffff880`1700dbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1700dbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1700dc40) 00000047`cff8f378 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003e46080 Cid 0e74.0a0c Teb: 000007f6c38ae000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003e46360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff8801615ddd0 Current fffff8801615d5b0 Base fffff8801615e000 Limit fffff88016158000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1615d5f0 fffff802`b3b2d99c : fffff6fb`00000000 00000000`00000000 fffff6fb`00000000 fffff6fb`7dbedf70 : nt!KiSwapContext+0x76 fffff880`1615d730 fffff802`b3b29c1f : 000007fe`f7f53001 fffff802`b3b4a3ed 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1615d7f0 fffff802`b3aea5e9 : fffffa80`03e46360 00000000`00000005 00000000`00000000 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1615d880 fffff802`b3b65940 : 00000000`00000000 fffffa80`03e46080 fffff880`1615d928 00000000`00000000 : nt!KiSchedulerApc+0x8d fffff880`1615d8e0 fffff802`b3b2dc12 : fffffa80`03e46080 00000000`00000000 fffff802`b3aea55c 00000000`00000000 : nt!KiDeliverApc+0x1f0 fffff880`1615d960 fffff802`b3b29c1f : fffff8a0`01aa9da0 00000000`00000000 00000000`00000000 fffff802`b3cf72ba : nt!KiCommitThreadWait+0x4b0 fffff880`1615da20 fffff802`b3e257a4 : fffffa80`036be6b8 fffff8a0`00000000 fffffa80`00000001 00000000`00abfc00 : nt!KeWaitForSingleObject+0x1cf fffff880`1615dab0 fffff802`b3e8418b : 00000000`00000100 00000000`00000000 fffff880`1615db40 fffff880`00000001 : nt!EtwpReceiveNotification+0x6c fffff880`1615db20 fffff802`b3b02d53 : 00000000`00000010 00000000`00000000 fffff6fb`7dbed078 fffff6fb`7da0ffd8 : nt!NtTraceControl+0x337 fffff880`1615dbd0 000007fe`f7ec459b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1615dc40) 00000047`d038f9d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtTraceControl+0xa PROCESS fffffa8002d74180 SessionId: 2 Cid: 0ca0 Peb: 7f770b7f000 ParentCid: 0d68 DirBase: 08818000 ObjectTable: fffff8a001f18d80 HandleCount: Image: Taskmgr.exe THREAD fffffa8003db4740 Cid 0ca0.03e0 Teb: 000007f770b7d000 Win32Thread: fffff90104094830 RUNNING on processor 0 Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 31359 IdealProcessor: 0 UserTime 00:00:09.859 KernelTime 00:00:07.394 Win32 Start Address taskmgr!wWinMainCRTStartup (0x000007f770e68688) Stack Init fffff88015925dd0 Current fffff88015925800 Base fffff88015926000 Limit fffff88015920000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15925ae8 fffff802`b400f0dd : 00000000`000000ef fffffa80`02e6b1c0 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx fffff880`15925af0 fffff802`b3ea8f6d : fffffa80`02e6b1c0 00000000`144d2c01 00000000`00000000 ffff7cad`450c235a : nt!PspCatchCriticalBreak+0xad fffff880`15925b30 fffff802`b3ea8019 : fffffa80`02e6b1c0 00000000`144d2c01 fffffa80`02e6b1c0 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x46f60 fffff880`15925b90 fffff802`b3ea7e52 : ffffffff`ffffffff fffffa80`02d74180 fffffa80`02e6b1c0 00000000`00000001 : nt!PspTerminateProcess+0x6d fffff880`15925bd0 fffff802`b3b02d53 : fffffa80`02e6b1c0 fffffa80`03db4740 fffff880`15925cc0 00000000`00000000 : nt!NtTerminateProcess+0x9e fffff880`15925c40 000007fe`f7ec2eaa : 000007fe`f4ff1295 01cdb4a0`a55348d5 00000000`001ef1ed 00000000`00000648 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15925c40) 000000f0`6e86f3e8 000007fe`f4ff1295 : 01cdb4a0`a55348d5 00000000`001ef1ed 00000000`00000648 00000000`00000000 : ntdll!NtTerminateProcess+0xa 000000f0`6e86f3f0 000007f7`70e012ba : 01cdb4a0`a55348d5 00000000`00000000 01cdb4a0`a55348d5 00000000`00000000 : KERNELBASE!TerminateProcess+0x25 000000f0`6e86f420 000007f7`70df3698 : 00000000`00000001 000000f0`00000001 000000f0`6e86f539 00000000`00000000 : taskmgr!WdcProcessMonitor::OnProcessCommand+0x1b6 000000f0`6e86f4b0 000007f7`70df55bb : 00000000`00000002 000007fe`f2a81388 00000000`00000000 000007fe`00000001 : taskmgr!WdcListView::OnProcessCommand+0x1e0 000000f0`6e86f5a0 000007f7`70df5b47 : 00000000`00000000 000000f0`6e86f6b1 00000000`000076c0 000000f0`6ea75420 : taskmgr!WdcListView::OnCommand+0x123 000000f0`6e86f5f0 000007fe`f2227239 : 000000f0`6ee29fd0 000007fe`f2227300 00000000`00010330 00000000`00000000 : taskmgr!WdcListView::OnMessage+0x287 000000f0`6e86f710 000007fe`f2a82d23 : 00000000`00000000 000000f0`6ea93fc0 00000000`00000002 000000f0`6e86f828 : DUI70!DirectUI::HWNDHost::_CtrlWndProc+0xa1 000000f0`6e86f770 000007fe`f56c171e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00010330 : DUser!WndBridge::RawWndProc+0x73 000000f0`6e86f7e0 000007fe`f56c14d7 : 000000f0`6ee29fd0 000000f0`6e86f998 000007f7`70b7d800 000000f0`702c0f00 : USER32!UserCallWinProcCheckWow+0x13a 000000f0`6e86f8a0 000007f7`70e1b0e1 : 000000f0`6e86f980 00000000`00000000 00000000`000103be 00000000`00000000 : USER32!DispatchMessageWorker+0x1a7 000000f0`6e86f920 000007f7`70e685e6 : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000000 : taskmgr!wWinMain+0x44d 000000f0`6e86fde0 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!CBaseRPCTimeout::Disarm+0x31a 000000f0`6e86fea0 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`6e86fed0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa80039dfb00 Cid 0ca0.0564 Teb: 000007f770b7b000 Win32Thread: fffff90103f44710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003665fe0 SynchronizationEvent fffffa8002cc1d30 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699020 Ticks: 42108 (0:00:10:56.889) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff880155d5dd0 Current fffff880155d5180 Base fffff880155d6000 Limit fffff880155d0000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`155d51c0 fffff802`b3b2d99c : 04070400`06431000 00000000`00000000 fffffa80`01a2e000 fffffa80`01a2eefc : nt!KiSwapContext+0x76 fffff880`155d5300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`155d53c0 fffff802`b3eca2ac : fffffa80`00000002 fffff880`155d5540 fffffa80`02cc1d30 ffffd319`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`155d5470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3d7f180 : nt!ObWaitForMultipleObjects+0x29c fffff880`155d5980 fffff802`b3b02d53 : fffffa80`039dfb00 000000f0`7025f958 fffff880`155d5be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`155d5bd0 000007fe`f7ec319b : 000007fe`f4fd12c6 000007fe`02000002 000000f0`6e9c2840 00000000`02000002 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`155d5c40) 000000f0`7025f938 000007fe`f4fd12c6 : 000007fe`02000002 000000f0`6e9c2840 00000000`02000002 000000f0`6e9b44b0 : ntdll!NtWaitForMultipleObjects+0xa 000000f0`7025f940 000007fe`f56c2c83 : 00000000`00000004 000007f7`70b7f000 000072b2`00000000 00000000`000000dc : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7025fc20 000007fe`f2aa160b : 00000000`ffffffff 00000000`00000001 000000f0`7025fe38 00000000`00000001 : USER32!MsgWaitForMultipleObjectsEx+0x144 000000f0`7025fcd0 000007fe`f2aa15db : 00000000`00000000 000000f0`7025fe38 00000000`00000000 000007fe`00000000 : DUser!CoreSC::xwProcessNL+0x5bb 000000f0`7025fda0 000007fe`f2aa14fe : 00000000`00000000 00000000`00000000 00000000`00000001 000000f0`6edd60a0 : DUser!GetMessageExA+0x6b 000000f0`7025fdf0 000007fe`f782707b : 000000f0`6edd60a0 000000f0`6e9c3560 00000000`00000000 00000000`00000000 : DUser!ResourceManager::SharedThreadProc+0xfe 000000f0`7025fe80 000007fe`f7845e6d : 000007fe`f78ae9e0 000000f0`6edd60a0 00000000`00000000 00000000`00000000 : msvcrt!endthreadex+0xcb 000000f0`7025feb0 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msvcrt!endthreadex+0xac 000000f0`7025fee0 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7025ff10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003253b00 Cid 0ca0.0d64 Teb: 000007f770b79000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800307aca0 NotificationEvent fffffa80036357a0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 653 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff880159dadd0 Current fffff880159da180 Base fffff880159db000 Limit fffff880159d5000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`159da1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000008 : nt!KiSwapContext+0x76 fffff880`159da300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`159da3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`159da540 fffffa80`036357a0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`159da470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`159da980 fffff802`b3b02d53 : fffffa80`03253b00 000000f0`7238f518 fffff880`159dabe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`159dabd0 000007fe`f7ec319b : 000007fe`f4fd12c6 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`159dac40) 000000f0`7238f4f8 000007fe`f4fd12c6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa 000000f0`7238f500 000007fe`f6011292 : 00000000`00000000 000007f7`70b7f000 00000000`00000000 00000000`00000000 : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7238f7e0 000007f7`70dfdc81 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!WaitForMultipleObjects+0x12 000000f0`7238f820 000007f7`70dfdf54 : 000000f0`6eddbcb0 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcDataMonitor::DoUpdates+0x3d 000000f0`7238f860 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7238f8a0 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7238f8d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003b45b00 Cid 0ca0.0824 Teb: 000007f770b77000 Win32Thread: fffff90103f5cb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003612250 NotificationEvent fffffa8002cb6890 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2818 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.124 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff8801595ddd0 Current fffff8801595d180 Base fffff8801595e000 Limit fffff88015958000 Call 0 Priority 13 BasePriority 10 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1595d1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000003 fffff880`1595d7f0 : nt!KiSwapContext+0x76 fffff880`1595d300 fffff802`b3b293cd : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1595d3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1595d540 fffffa80`02cb6890 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1595d470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3d0d000 : nt!ObWaitForMultipleObjects+0x29c fffff880`1595d980 fffff802`b3b02d53 : fffffa80`03b45b00 000000f0`7240fa18 fffff880`1595dbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1595dbd0 000007fe`f7ec319b : 000007fe`f4fd12c6 000000f0`6e9b1c90 000000f0`00000000 000000f0`72b451a0 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1595dc40) 000000f0`7240f9f8 000007fe`f4fd12c6 : 000000f0`6e9b1c90 000000f0`00000000 000000f0`72b451a0 000000f0`72b45160 : ntdll!NtWaitForMultipleObjects+0xa 000000f0`7240fa00 000007fe`f6011292 : 00000000`00000000 000007f7`70b7f000 00000000`00000000 00000000`00000000 : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7240fce0 000007f7`70dfdc81 : 000000f0`72210080 00000000`00000000 00000000`00000000 000000f0`72210080 : KERNEL32!WaitForMultipleObjects+0x12 000000f0`7240fd20 000007f7`70dfdf54 : 000000f0`72210080 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcDataMonitor::DoUpdates+0x3d 000000f0`7240fd60 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7240fda0 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7240fdd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa80018eab00 Cid 0ca0.0888 Teb: 000007f770b75000 Win32Thread: fffff90103ff8b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c81ca0 NotificationEvent fffffa80036767a0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 4747 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff8801594fdd0 Current fffff8801594f180 Base fffff88015950000 Limit fffff8801594a000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`1594f1c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000003 fffff880`1594f7f0 : nt!KiSwapContext+0x76 fffff880`1594f300 fffff802`b3b293cd : 00000000`00000000 fffff880`1594f4d8 00000000`00000000 fffff802`b3b4749f : nt!KiCommitThreadWait+0x23c fffff880`1594f3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`1594f540 fffffa80`036767a0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`1594f470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3b2c272 : nt!ObWaitForMultipleObjects+0x29c fffff880`1594f980 fffff802`b3b02d53 : fffffa80`018eab00 000000f0`7248f568 fffff880`1594fbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`1594fbd0 000007fe`f7ec319b : 000007fe`f4fd12c6 00000000`00000032 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1594fc40) 000000f0`7248f548 000007fe`f4fd12c6 : 00000000`00000032 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa 000000f0`7248f550 000007fe`f6011292 : 00000000`00000000 000007f7`70b7f000 00000000`00000000 00000000`00000000 : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7248f830 000007f7`70dfdc81 : 000000f0`6edd7401 000007f7`00000001 00000000`00000010 000000f0`00000000 : KERNEL32!WaitForMultipleObjects+0x12 000000f0`7248f870 000007f7`70dfdf54 : 000000f0`6edd7480 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcDataMonitor::DoUpdates+0x3d 000000f0`7248f8b0 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7248f8f0 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7248f920 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa80033f63c0 Cid 0ca0.0e28 Teb: 000007f770b73000 Win32Thread: fffff901006bb710 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040844b0 NotificationEvent fffffa8002e58710 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699023 Ticks: 42105 (0:00:10:56.842) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff880159ccdd0 Current fffff880159cc180 Base fffff880159cd000 Limit fffff880159c7000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`159cc1c0 fffff802`b3b2d99c : fffff880`159cc3d0 00000000`00000000 fffff880`159cc5a0 fffff8a0`06c352a0 : nt!KiSwapContext+0x76 fffff880`159cc300 fffff802`b3b293cd : 00000000`00000001 fffff880`159cc610 00000000`00000000 fffff802`b3ee5ee6 : nt!KiCommitThreadWait+0x23c fffff880`159cc3c0 fffff802`b3eca2ac : fffffa80`00000002 fffff880`159cc540 fffffa80`02e58710 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`159cc470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`0263eea0 : nt!ObWaitForMultipleObjects+0x29c fffff880`159cc980 fffff802`b3b02d53 : fffffa80`033f63c0 000000f0`7250f468 fffff880`159ccbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`159ccbd0 000007fe`f7ec319b : 000007fe`f4fd12c6 00000000`00000000 000007fe`f7efe720 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`159ccc40) 000000f0`7250f448 000007fe`f4fd12c6 : 00000000`00000000 000007fe`f7efe720 00000000`00000000 000007fe`f7ee2592 : ntdll!NtWaitForMultipleObjects+0xa 000000f0`7250f450 000007fe`f56c2c83 : 00000000`00000000 000007f7`70b7f000 00000000`00000000 00000000`00000270 : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7250f730 000007f7`70e43c03 : 00000000`00000000 000000f0`7221ccc0 00000000`00000000 00000000`00000000 : USER32!MsgWaitForMultipleObjectsEx+0x144 000000f0`7250f7e0 000007f7`70dfdf54 : 000000f0`7221aac0 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcAppHistoryMonitor::DoUpdates+0x3f 000000f0`7250f850 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7250f890 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7250f8c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001f075c0 Cid 0ca0.06d4 Teb: 000007f770a4c000 Win32Thread: fffff901040b5b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002d94de0 NotificationEvent fffffa800371fc70 SynchronizationEvent fffffa8002d704f0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 19727 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address taskmgr!TmTraceControl::IncrementThread (0x000007f770df1fc4) Stack Init fffff880159efdd0 Current fffff880159ef180 Base fffff880159f0000 Limit fffff880159ea000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`159ef1c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000002 : nt!KiSwapContext+0x76 fffff880`159ef300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KiCommitThreadWait+0x23c fffff880`159ef3c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`159ef540 fffffa80`02d704f0 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`159ef470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 fffffa80`01fc5cd0 : nt!ObWaitForMultipleObjects+0x29c fffff880`159ef980 fffff802`b3b02d53 : fffffa80`01f075c0 000000f0`7260fb78 fffff880`159efbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`159efbd0 000007fe`f7ec319b : 000007fe`f4fd12c6 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`159efc40) 000000f0`7260fb58 000007fe`f4fd12c6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa 000000f0`7260fb60 000007fe`f6011292 : 000000f0`7260fed8 000007f7`70b7f000 00000000`00000000 00000000`00000000 : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7260fe40 000007f7`70df2118 : 000000f0`00000058 000000f0`7260fed0 000000f0`7260fec9 00000000`00000000 : KERNEL32!WaitForMultipleObjects+0x12 000000f0`7260fe80 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!TmTraceControl::IncrementThreadInternal+0x148 000000f0`7260ff30 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7260ff60 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003f23b00 Cid 0ca0.0db8 Teb: 000007f770a4a000 Win32Thread: fffff90103fa5610 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036d1420 NotificationEvent fffffa80036c8cb0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741106 Ticks: 22 (0:00:00:00.343) Context Switch Count 811 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!CRUMAPIHelper::SrumThread (0x000007f770e0db10) Stack Init fffff88015e0ddd0 Current fffff88015e0d180 Base fffff88015e0e000 Limit fffff88015e08000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15e0d1c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff880`00000000 fffff802`00000004 : nt!KiSwapContext+0x76 fffff880`15e0d300 fffff802`b3b293cd : fffff802`b3d0d000 fffff802`b3afc9fc 00000000`00000000 00000000`00000700 : nt!KiCommitThreadWait+0x23c fffff880`15e0d3c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15e0d540 fffffa80`036c8cb0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15e0d470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`01db2070 : nt!ObWaitForMultipleObjects+0x29c fffff880`15e0d980 fffff802`b3b02d53 : fffffa80`03f23b00 000000f0`7268f4d8 fffff880`15e0dbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15e0dbd0 000007fe`f7ec319b : 000007fe`f4fd12c6 000000f0`70e27ff0 000000f0`6ea07f00 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e0dc40) 000000f0`7268f4b8 000007fe`f4fd12c6 : 000000f0`70e27ff0 000000f0`6ea07f00 00000000`00000000 000000f0`6ea7df60 : ntdll!NtWaitForMultipleObjects+0xa 000000f0`7268f4c0 000007fe`f56c2c83 : 00000000`00000000 000007f7`70b7f000 00000000`00000000 00000000`00000244 : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7268f7a0 000007f7`70e0dd3a : 00000000`00000000 000000f0`722218f0 00000000`00000000 00000000`000001b4 : USER32!MsgWaitForMultipleObjectsEx+0x144 000000f0`7268f850 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!CRUMAPIHelper::SrumThread+0x22a 000000f0`7268f940 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7268f970 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa800404a080 Cid 0ca0.0c88 Teb: 000007f770a48000 Win32Thread: fffff901006b9710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c95500 NotificationEvent fffffa8003f37990 SynchronizationEvent fffffa800409e6c0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699025 Ticks: 42103 (0:00:10:56.811) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff88015e22dd0 Current fffff88015e22180 Base fffff88015e23000 Limit fffff88015e1d000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15e221c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15e22300 fffff802`b3b293cd : fffff880`15e22698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`15e223c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`15e22540 fffffa80`0409e6c0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15e22470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 00000000`00000002 : nt!ObWaitForMultipleObjects+0x29c fffff880`15e22980 fffff802`b3b02d53 : fffffa80`0404a080 000000f0`7270f468 fffff880`15e22be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15e22bd0 000007fe`f7ec319b : 000007fe`f4fd12c6 000000f0`00000000 000007fe`00000000 00000000`00000001 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e22c40) 000000f0`7270f448 000007fe`f4fd12c6 : 000000f0`00000000 000007fe`00000000 00000000`00000001 000007fe`f7ee154e : ntdll!NtWaitForMultipleObjects+0xa 000000f0`7270f450 000007fe`f56c2c83 : 00000000`00000000 000007f7`70b7f000 00000000`00000000 00000000`00000258 : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7270f730 000007f7`70e475fd : 00000000`00000000 00000000`00000000 00000000`00000001 000000f0`72223c01 : USER32!MsgWaitForMultipleObjectsEx+0x144 000000f0`7270f7e0 000007f7`70dfdf54 : 000000f0`72221940 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcUserMonitor::DoUpdates+0x65 000000f0`7270f870 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7270f8b0 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7270f8e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001de0b00 Cid 0ca0.0c84 Teb: 000007f770a46000 Win32Thread: fffff9010065f010 WAIT: (UserRequest) UserMode Non-Alertable fffffa800372dc50 NotificationEvent fffffa80041961c0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2887 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff88015e29dd0 Current fffff88015e29180 Base fffff88015e2a000 Limit fffff88015e24000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15e291c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`0000002f : nt!KiSwapContext+0x76 fffff880`15e29300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15e293c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15e29540 fffffa80`041961c0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15e29470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`0419ea40 : nt!ObWaitForMultipleObjects+0x29c fffff880`15e29980 fffff802`b3b02d53 : fffffa80`01de0b00 000000f0`7278f368 fffff880`15e29be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15e29bd0 000007fe`f7ec319b : 000007fe`f4fd12c6 000000f0`70e27ff0 000000f0`6ea07f00 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e29c40) 000000f0`7278f348 000007fe`f4fd12c6 : 000000f0`70e27ff0 000000f0`6ea07f00 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa 000000f0`7278f350 000007fe`f56c2c83 : 00000000`00000000 000007f7`70b7f000 00000000`00000000 00000000`00000254 : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7278f630 000007f7`70e43c03 : 00000000`00000000 000000f0`7222a450 00000000`00000000 00000000`00000000 : USER32!MsgWaitForMultipleObjectsEx+0x144 000000f0`7278f6e0 000007f7`70dfdf54 : 000000f0`72228250 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcAppHistoryMonitor::DoUpdates+0x3f 000000f0`7278f750 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7278f790 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7278f7c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa80039d3b00 Cid 0ca0.07e4 Teb: 000007f770a44000 Win32Thread: fffff901040e2530 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002067370 SynchronizationEvent fffffa8003f46e10 NotificationEvent fffffa800205cce0 SynchronizationEvent fffffa8003826490 SynchronizationEvent fffffa8003ee0dc0 SynchronizationEvent fffffa80030959b8 NotificationEvent fffffa800362fd18 NotificationEvent IRP List: fffffa800211ac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800198a360: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699048 Ticks: 42080 (0:00:10:56.452) Context Switch Count 40 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff88015e3edd0 Current fffff88015e3e180 Base fffff88015e3f000 Limit fffff88015e39000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`15e3e1c0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffffa80`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`15e3e300 fffff802`b3b293cd : fffffa80`0362fc80 00000001`0362fc80 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`15e3e3c0 fffff802`b3eca2ac : fffffa80`00000007 fffff880`15e3e540 fffffa80`0362fd18 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15e3e470 fffff802`b3eca723 : 00000000`00000007 00000000`00000001 00000000`00000000 00000000`0000000c : nt!ObWaitForMultipleObjects+0x29c fffff880`15e3e980 fffff802`b3b02d53 : fffffa80`039d3b00 000000f0`7280f5a8 fffff880`15e3ebe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15e3ebd0 000007fe`f7ec319b : 000007fe`f4fd12c6 006d0061`00720067 00740053`005c0073 00750074`00720061 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e3ec40) 000000f0`7280f588 000007fe`f4fd12c6 : 006d0061`00720067 00740053`005c0073 00750074`00720061 00000000`00000070 : ntdll!NtWaitForMultipleObjects+0xa 000000f0`7280f590 000007fe`f6011292 : 00000000`00000000 000007f7`70b7f000 00000000`00000000 00000000`00000001 : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`7280f870 000007f7`70e57ed5 : 00000000`00000000 00000000`00000011 00000000`00000430 00000000`00000438 : KERNEL32!WaitForMultipleObjects+0x12 000000f0`7280f8b0 000007f7`70dfdf54 : 000000f0`7222a540 000000f0`7222a540 00000000`00000000 00000000`00000000 : taskmgr!WdcStartupMonitor::DoUpdates+0x2ad 000000f0`7280fdc0 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcDataMonitor::UpdateThread+0x38 000000f0`7280fe00 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7280fe30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002d01200 Cid 0ca0.0a9c Teb: 000007f770a42000 Win32Thread: fffff901040f7b90 WAIT: (WrQueue) UserMode Alertable fffffa8001e75ec0 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15740913 Ticks: 215 (0:00:00:03.354) Context Switch Count 565 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e4cdd0 Current fffff88015e4c760 Base fffff88015e4d000 Limit fffff88015e47000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15e4c7a0 fffff802`b3b2d99c : 000000f0`7288f602 00000000`00000000 000007fe`f7ee38c0 000000f0`6ea2ac70 : nt!KiSwapContext+0x76 fffff880`15e4c8e0 fffff802`b3b38ddb : 00000000`00000002 fffff802`b3b43240 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15e4c9a0 fffff802`b3ed0b6c : fffffa80`01e75ec0 fffffa80`02d01201 00000000`00000001 000000f0`7288f800 : nt!KeRemoveQueueEx+0x26b fffff880`15e4ca50 fffff802`b3b434d5 : fffffa80`01e75ec0 000000f0`6ea95f20 fffff880`15e4cb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`15e4cae0 fffff802`b3b02d53 : 00000000`00000214 000000f0`6ea95f20 000000f0`00000010 000000f0`7288f860 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15e4cc40 000007fe`f7ec46ab : 000007fe`f7ec84b3 00000000`00000002 000000f0`6ea6abd0 000000f0`6ea2ac70 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15e4cc40) 000000f0`7288f808 000007fe`f7ec84b3 : 00000000`00000002 000000f0`6ea6abd0 000000f0`6ea2ac70 000000f0`6ea962a0 : ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f0`7288f810 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x275 000000f0`7288fab0 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`7288fae0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa80040036c0 Cid 0ca0.0244 Teb: 000007f770a3c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80021566a0 SynchronizationEvent fffffa8002cd3ce0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15739266 Ticks: 1862 (0:00:00:29.047) Context Switch Count 1896 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcServiceCache::s_InformClientsThread (0x000007f770e07be4) Stack Init fffff88015f10dd0 Current fffff88015f10180 Base fffff88015f11000 Limit fffff88015f0b000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15f101c0 fffff802`b3b2d99c : 00000071`00000001 00000000`00000000 00000000`00000001 842d509e`79aa0000 : nt!KiSwapContext+0x76 fffff880`15f10300 fffff802`b3b293cd : 00000000`00000000 fffff880`15f10750 00000000`00000000 00000000`00000001 : nt!KiCommitThreadWait+0x23c fffff880`15f103c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`15f10540 fffffa80`02cd3ce0 fffffa80`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`15f10470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`15f10980 fffff802`b3b02d53 : fffffa80`040036c0 000000f0`72a2f448 fffff880`15f10be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`15f10bd0 000007fe`f7ec319b : 000007fe`f4fd12c6 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15f10c40) 000000f0`72a2f428 000007fe`f4fd12c6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa 000000f0`72a2f430 000007fe`f6011292 : 00000000`00000000 000007f7`70b7f000 00000000`00000000 00000000`00000000 : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`72a2f710 000007f7`70e07c1b : 00000000`00000000 00000000`00000000 00000000`00000000 000000f0`6edd6708 : KERNEL32!WaitForMultipleObjects+0x12 000000f0`72a2f750 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcServiceCache::s_InformClientsThread+0x37 000000f0`72a2f790 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`72a2f7c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa8002198b00 Cid 0ca0.0aa4 Teb: 000007f770a36000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003798d80 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15715946 Ticks: 25182 (0:00:06:32.841) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160eddd0 Current fffff880160ed760 Base fffff880160ee000 Limit fffff880160e8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`160ed7a0 fffff802`b3b2d99c : fffffa80`02198b00 00000000`00000000 fffff802`b3eedd60 fffff8a0`022dee70 : nt!KiSwapContext+0x76 fffff880`160ed8e0 fffff802`b3b38ddb : fffff8a0`022dee70 fffff880`160edcc0 00000000`00000000 fffff802`b3ec9d35 : nt!KiCommitThreadWait+0x23c fffff880`160ed9a0 fffff802`b3ed0b6c : fffffa80`03798d80 fffffa80`02198b01 00000000`00000001 000000f0`77f5f600 : nt!KeRemoveQueueEx+0x26b fffff880`160eda50 fffff802`b3b434d5 : fffffa80`03798d80 000000f0`73682930 fffff880`160edb80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`160edae0 fffff802`b3b02d53 : 00000000`00000750 000000f0`73682930 fffff880`00000010 000000f0`77f5f660 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`160edc40 000007fe`f7ec46ab : 000007fe`f7ec84b3 000000f0`70e65650 000000f0`70e65650 000000f0`73682760 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`160edc40) 000000f0`77f5f608 000007fe`f7ec84b3 : 000000f0`70e65650 000000f0`70e65650 000000f0`73682760 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f0`77f5f610 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x275 000000f0`77f5f8b0 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`77f5f8e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001f3b080 Cid 0ca0.0d2c Teb: 000007f770a4e000 Win32Thread: fffff90103f2ab90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040e0220 SynchronizationEvent fffffa8003da2630 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2113 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcProcessMonitor::HangDetectionThread (0x000007f770e01354) Stack Init fffff88016222dd0 Current fffff88016222180 Base fffff88016223000 Limit fffff8801621d000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`162221c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0384ca10 : nt!KiSwapContext+0x76 fffff880`16222300 fffff802`b3b293cd : fffff880`00000001 fffff880`00000000 00000000`00000000 00000000`000002f0 : nt!KiCommitThreadWait+0x23c fffff880`162223c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`16222540 fffffa80`03da2630 fffff802`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`16222470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3ecbeeb : nt!ObWaitForMultipleObjects+0x29c fffff880`16222980 fffff802`b3b02d53 : fffffa80`01f3b080 000000f0`72ddf668 fffff880`16222be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`16222bd0 000007fe`f7ec319b : 000007fe`f4fd12c6 ffffffff`ffffffec 000007fe`f56c4fcc 000000f0`6edd7480 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16222c40) 000000f0`72ddf648 000007fe`f4fd12c6 : ffffffff`ffffffec 000007fe`f56c4fcc 000000f0`6edd7480 000007f7`70a4e800 : ntdll!NtWaitForMultipleObjects+0xa 000000f0`72ddf650 000007fe`f6011292 : 00000000`00000000 000007f7`70b7f000 00000000`00000000 00000000`00000000 : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`72ddf930 000007f7`70e01398 : 00000000`00000000 00000000`00000000 00000000`00000000 000000f0`6edd7480 : KERNEL32!WaitForMultipleObjects+0x12 000000f0`72ddf970 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : taskmgr!WdcProcessMonitor::HangDetectionThread+0x44 000000f0`72ddf9b0 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`72ddf9e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa8003bbdb00 Cid 0ca0.0ae8 Teb: 000007f770a3a000 Win32Thread: fffff90103f6e530 WAIT: (WrQueue) UserMode Alertable fffffa8001e75ec0 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 7261 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150c3dd0 Current fffff880150c3760 Base fffff880150c4000 Limit fffff880150be000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`150c37a0 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000001 fffffa80`00000000 : nt!KiSwapContext+0x76 fffff880`150c38e0 fffff802`b3b38ddb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`150c39a0 fffff802`b3ed0b6c : fffffa80`01e75ec0 fffffa80`03bbdb01 00000000`00000001 000000f0`0010fc00 : nt!KeRemoveQueueEx+0x26b fffff880`150c3a50 fffff802`b3b434d5 : fffffa80`01e75ec0 000000f0`72b68440 fffff880`150c3b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`150c3ae0 fffff802`b3b02d53 : 00000000`00000214 000000f0`72b68440 000000f0`00000010 000000f0`0010fc30 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`150c3c40 000007fe`f7ec46ab : 000007fe`f7ec84b3 00000000`00000002 000000f0`6ea6abd0 000000f0`6ea2ac70 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150c3c40) 000000f0`0010fbd8 000007fe`f7ec84b3 : 00000000`00000002 000000f0`6ea6abd0 000000f0`6ea2ac70 000000f0`72b687c0 : ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f0`0010fbe0 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x275 000000f0`0010fe80 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`0010feb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa8001e74b00 Cid 0ca0.0c34 Teb: 000007f770a34000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e58460 SynchronizationTimer Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15740965 Ticks: 163 (0:00:00:02.542) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880173bedd0 Current fffff880173be0f0 Base fffff880173bf000 Limit fffff880173b9000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`173be130 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`173be270 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`173be330 fffff802`b3b2943e : fffffa80`03e58460 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`173be3c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`173be540 00000000`00000000 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`173be470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`173be980 fffff802`b3b02d53 : fffffa80`01e74b00 000000f0`0028f438 fffff880`173bebe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`173bebd0 000007fe`f7ec319b : 000007fe`f4fd12c6 000007fe`f7bc5c92 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173bec40) 000000f0`0028f418 000007fe`f4fd12c6 : 000007fe`f7bc5c92 00000000`00000000 00000000`00000000 00000070`00000001 : ntdll!NtWaitForMultipleObjects+0xa 000000f0`0028f420 000007fe`f7b3196a : 00000000`00000000 000007f7`70b7f000 00000000`00000000 00000000`00000000 : KERNELBASE!WaitForMultipleObjectsEx+0xe5 000000f0`0028f700 000007fe`f7b31a03 : 00000000`00000554 00000000`00000000 00000000`00000000 000000f0`73633600 : combase!WaitCoalesced+0x96 000000f0`0028f950 000007fe`f7b32218 : 000000f0`70e3edc0 00000000`ffffffff 00000000`00000000 00000000`00000000 : combase!CROIDTable::WorkerThreadLoop+0x63 000000f0`0028f9a0 000007fe`f7b3241f : 00000000`00000000 00000000`00000000 000000f0`70e3edc0 00000000`00000000 : combase!CRpcThread::WorkerLoop+0x48 000000f0`0028fc10 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : combase!CRpcThreadCache::RpcWorkerThreadEntry+0x73 000000f0`0028fc40 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`0028fc70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d THREAD fffffa80020b5900 Cid 0ca0.0154 Teb: 000007f770a40000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001e75ec0 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15740913 Ticks: 215 (0:00:00:03.354) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e29dd0 Current fffff88014e29760 Base fffff88014e2a000 Limit fffff88014e24000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`14e297a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`14e298e0 fffff802`b3b38ddb : fffffa80`01e75ec0 00000004`d28ce07e 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`14e299a0 fffff802`b3ed0b6c : fffffa80`01e75ec0 fffffa80`020b5901 00000000`00000001 000000f0`0018fc00 : nt!KeRemoveQueueEx+0x26b fffff880`14e29a50 fffff802`b3b434d5 : fffffa80`01e75ec0 000000f0`72a53740 fffff880`14e29b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`14e29ae0 fffff802`b3b02d53 : 00000000`00000214 000000f0`72a53740 000000f0`00000010 000000f0`0018fcd0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`14e29c40 000007fe`f7ec46ab : 000007fe`f7ec84b3 00000000`00000000 00000000`00000000 000000f0`6ea2ac70 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`14e29c40) 000000f0`0018fc78 000007fe`f7ec84b3 : 00000000`00000000 00000000`00000000 000000f0`6ea2ac70 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa 000000f0`0018fc80 000007fe`f601167e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x275 000000f0`0018ff20 000007fe`f7ee3501 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1a 000000f0`0018ff50 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d PROCESS fffffa8001e0f740 SessionId: 2 Cid: 0d7c Peb: 7f65412f000 ParentCid: 0c78 DirBase: 0e165000 ObjectTable: fffff8a00055ff00 HandleCount: Image: notepad.exe THREAD fffffa8001ec4b00 Cid 0d7c.0bc4 Teb: 000007f65412d000 Win32Thread: fffff90104165010 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003808f20 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001e0f740 Image: notepad.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2411 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address 0x000007f654c35a40 Stack Init fffff88015856dd0 Current fffff880158565f0 Base fffff88015857000 Limit fffff88015851000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`15856630 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000055`00000001 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`15856770 fffff802`b3b29c1f : fffff880`009e6180 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`15856830 fffff802`b3b2943e : fffffa80`03808f20 fffffa80`0000000d 00000000`00000001 fffff802`b3afa100 : nt!KeWaitForSingleObject+0x1cf fffff880`158568c0 fffff960`00153e07 : fffff901`00000001 fffff880`158569e0 fffff880`15856990 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`15856970 fffff960`00154765 : 00000000`ffff0000 fffff901`04160000 00000000`00003dff fffff880`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`15856a40 fffff960`00152e99 : fffff880`15856cc0 00000000`00000100 00000000`00000001 fffff802`b3b2ba00 : win32k!xxxSleepThread+0xc5 fffff880`15856a90 fffff960`001545f3 : fffff880`15856bf8 00000055`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`15856bb0 fffff802`b3b02d53 : fffffa80`01ec4b00 00000000`00000001 00000000`00000020 00000000`00000060 : win32k!NtUserGetMessage+0x83 fffff880`15856c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15856c40) 00000055`4fdbf918 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa PROCESS fffffa8001d54580 SessionId: 0 Cid: 0f98 Peb: 7f76acaa000 ParentCid: 0220 DirBase: 18acb000 ObjectTable: fffff8a0022e3980 HandleCount: Image: msiexec.exe THREAD fffffa8004165b00 Cid 0f98.0790 Teb: 000007f76acae000 Win32Thread: fffff901006a7570 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f2c290 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727297 Ticks: 13831 (0:00:03:35.764) Context Switch Count 56 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.046 Win32 Start Address 0x000007f76b145308 Stack Init fffff88016559dd0 Current fffff88016559900 Base fffff8801655a000 Limit fffff88016554000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`16559940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`00000000 00000055`2fab21b0 : nt!KiSwapContext+0x76 fffff880`16559a80 fffff802`b3b29c1f : fffff880`16559b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`16559b40 fffff802`b3ec9df6 : fffffa80`03f2c290 fffff880`00000006 00000000`00000001 00000055`2fab6b00 : nt!KeWaitForSingleObject+0x1cf fffff880`16559bd0 fffff802`b3b02d53 : fffffa80`04165b00 00000000`ffffffff 00000000`00000000 fffffa80`03f2c290 : nt!NtWaitForSingleObject+0xb6 fffff880`16559c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16559c40) 00000055`2f8acf78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8002ca9700 Cid 0f98.0f80 Teb: 000007f76acac000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b9ea00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15739266 Ticks: 1862 (0:00:00:29.047) Context Switch Count 589 IdealProcessor: 0 UserTime 00:00:00.156 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016589dd0 Current fffff88016589760 Base fffff8801658a000 Limit fffff88016584000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`165897a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`165898e0 fffff802`b3b38ddb : fffff8a0`067d5770 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`165899a0 fffff802`b3ed0b6c : fffffa80`03b9ea00 fffffa80`02ca9701 00000000`00000001 00000055`302cfa00 : nt!KeRemoveQueueEx+0x26b fffff880`16589a50 fffff802`b3b434d5 : fffffa80`03b9ea00 00000055`2fab49c0 fffff880`16589b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`16589ae0 fffff802`b3b02d53 : 00000000`000000c4 00000055`2fab49c0 00000055`00000010 00000055`302cfa40 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`16589c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16589c40) 00000055`302cf9e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80020ffb00 Cid 0f98.0bc8 Teb: 000007f76aca4000 Win32Thread: fffff90100699b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002d1f5a0 NotificationTimer fffffa800364f950 NotificationEvent fffffa8001e374f0 SynchronizationEvent fffffa80037ce180 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727303 Ticks: 13825 (0:00:03:35.671) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f76b13b560 Stack Init fffff880165c2dd0 Current fffff880165c2180 Base fffff880165c3000 Limit fffff880165bd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`165c21c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`165c2300 fffff802`b3b293cd : fffff880`165c2698 00000000`00000000 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`165c23c0 fffff802`b3eca2ac : fffff880`00000004 fffff880`165c2540 fffffa80`037ce180 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`165c2470 fffff802`b3eca723 : 00000000`00000004 00000000`00000001 00000000`00000000 00000000`00000010 : nt!ObWaitForMultipleObjects+0x29c fffff880`165c2980 fffff802`b3b02d53 : fffffa80`020ffb00 00000055`3044e928 fffff880`165c2be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`165c2bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165c2c40) 00000055`3044e908 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80018f13c0 Cid 0f98.0074 Teb: 000007f76ab7e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001dc54d0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727582 Ticks: 13546 (0:00:03:31.318) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff880165d8dd0 Current fffff880165d8900 Base fffff880165d9000 Limit fffff880165d3000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`165d8940 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 00000000`00000001 fffff880`165d8a01 : nt!KiSwapContext+0x76 fffff880`165d8a80 fffff802`b3b29c1f : fffffa80`033a3840 00000000`00000000 00000000`00000000 fffff802`b3e8d256 : nt!KiCommitThreadWait+0x23c fffff880`165d8b40 fffff802`b3ec9df6 : fffffa80`01dc54d0 fffff802`00000006 00000000`00000001 fffff802`b3e4ff00 : nt!KeWaitForSingleObject+0x1cf fffff880`165d8bd0 fffff802`b3b02d53 : fffffa80`018f13c0 00000000`ffffffff 00000000`00000000 fffffa80`01dc54d0 : nt!NtWaitForSingleObject+0xb6 fffff880`165d8c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165d8c40) 00000055`30a4faa8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8002e8ab00 Cid 0f98.0f38 Teb: 000007f76ab7c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002f03060 SynchronizationEvent fffffa8002d50810 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727322 Ticks: 13806 (0:00:03:35.374) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feef04ad20 Stack Init fffff880165e6dd0 Current fffff880165e6180 Base fffff880165e7000 Limit fffff880165e1000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`165e61c0 fffff802`b3b2d99c : fffff880`165e6380 00000000`00000000 fffff880`165e6354 00000100`00000000 : nt!KiSwapContext+0x76 fffff880`165e6300 fffff802`b3b293cd : fffff8a0`0689e620 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`165e63c0 fffff802`b3eca2ac : fffff8a0`00000002 fffff880`165e6540 fffffa80`02d50810 fffff8a0`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`165e6470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff8a0`0663d620 : nt!ObWaitForMultipleObjects+0x29c fffff880`165e6980 fffff802`b3b02d53 : fffffa80`02e8ab00 00000055`30b2f608 fffff880`165e6be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`165e6bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165e6c40) 00000055`30b2f5e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80020915c0 Cid 0f98.0f7c Teb: 000007f76ab78000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800181af80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727325 Ticks: 13803 (0:00:03:35.328) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880165dfdd0 Current fffff880165df760 Base fffff880165e0000 Limit fffff880165da000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`165df7a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`165df8e0 fffff802`b3b38ddb : fffffa80`0181af80 fffff802`b3b4c9fd 00000000`00000000 00000000`00000842 : nt!KiCommitThreadWait+0x23c fffff880`165df9a0 fffff802`b3ed0b6c : fffffa80`0181af80 fffffa80`02091501 00000000`00000001 00000055`31fff700 : nt!KeRemoveQueueEx+0x26b fffff880`165dfa50 fffff802`b3b434d5 : fffffa80`0181af80 00000055`2fb7f9a0 fffff880`165dfb80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`165dfae0 fffff802`b3b02d53 : 00000000`000001fc 00000055`2fb7f9a0 00000055`00000010 00000055`31fff7c0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`165dfc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`165dfc40) 00000055`31fff768 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003bdab00 Cid 0f98.02fc Teb: 000007f76aca8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b9ea00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15739266 Ticks: 1862 (0:00:00:29.047) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015022dd0 Current fffff88015022760 Base fffff88015023000 Limit fffff8801501d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`150227a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`150228e0 fffff802`b3b38ddb : fffffa80`03b9ea00 fffff802`b3b4c9fd 00000000`00000000 00000000`000008dc : nt!KiCommitThreadWait+0x23c fffff880`150229a0 fffff802`b3ed0b6c : fffffa80`03b9ea00 fffffa80`03bdab01 00000000`00000001 00000055`31e0fc00 : nt!KeRemoveQueueEx+0x26b fffff880`15022a50 fffff802`b3b434d5 : fffffa80`03b9ea00 00000055`2fb73880 fffff880`15022b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`15022ae0 fffff802`b3b02d53 : 00000000`000000c4 00000055`2fb73880 00000055`00000010 00000055`31e0fc70 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15022c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15022c40) 00000055`31e0fc18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa80033bb940 SessionId: 2 Cid: 0a50 Peb: 7f71da5f000 ParentCid: 0d68 DirBase: 1348e000 ObjectTable: fffff8a00303f300 HandleCount: Image: mspaint.exe THREAD fffffa8003e87b00 Cid 0a50.0e50 Teb: 000007f71da5d000 Win32Thread: fffff9010419c7a0 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8002cfe830 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 6061 IdealProcessor: 0 UserTime 00:00:01.154 KernelTime 00:00:00.639 Win32 Start Address 0x000007f71e33df00 Stack Init fffff88016318dd0 Current fffff880163185f0 Base fffff88016319000 Limit fffff88016313000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`16318630 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`16318770 fffff802`b3b29c1f : fffffa80`0263ee70 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`16318830 fffff802`b3b2943e : fffffa80`02cfe830 fffffa80`0000000d 00000000`00000001 fffff802`b3afa100 : nt!KeWaitForSingleObject+0x1cf fffff880`163188c0 fffff960`00153e07 : fffff901`00000001 fffff880`163189e0 fffff880`16318990 00000000`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`16318970 fffff960`00154765 : 00000000`00000000 fffff901`04190000 00000000`00003dff fffff960`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`16318a40 fffff960`00152e99 : fffff880`16318cc0 00000000`00000100 00000000`00000001 fffff960`001c6509 : win32k!xxxSleepThread+0xc5 fffff880`16318a90 fffff960`001545f3 : fffff880`16318bf8 000007f7`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`16318bb0 fffff802`b3b02d53 : fffffa80`03e87b00 00000000`00000006 00000000`00000020 fffffa80`03e8c001 : win32k!NtUserGetMessage+0x83 fffff880`16318c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`16318c40) 00000058`e266f978 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa80027dfb00 Cid 0a50.0d20 Teb: 000007f71da5b000 Win32Thread: fffff90104195010 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040dcd70 NotificationEvent fffffa8003feb710 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15728106 Ticks: 13022 (0:00:03:23.144) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef6381b90 Stack Init fffff880170e6dd0 Current fffff880170e6180 Base fffff880170e7000 Limit fffff880170e1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`170e61c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffffa80`00000000 fffff802`b3b73e3d : nt!KiSwapContext+0x76 fffff880`170e6300 fffff802`b3b293cd : 00000000`00000000 fffff880`170e64d8 00000000`00000000 fffff802`b3b4749f : nt!KiCommitThreadWait+0x23c fffff880`170e63c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`170e6540 fffffa80`03feb710 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`170e6470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffffa80`038b1770 : nt!ObWaitForMultipleObjects+0x29c fffff880`170e6980 fffff802`b3b02d53 : fffffa80`027dfb00 00000058`e42efa48 fffff880`170e6be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`170e6bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170e6c40) 00000058`e42efa28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80039dab00 Cid 0a50.09a4 Teb: 000007f71da59000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80020b7780 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15737974 Ticks: 3154 (0:00:00:49.202) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170fbdd0 Current fffff880170fb760 Base fffff880170fc000 Limit fffff880170f6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`170fb7a0 fffff802`b3b2d99c : fffff8a0`00000000 00000000`00000000 00000000`00000001 00000000`ffff0000 : nt!KiSwapContext+0x76 fffff880`170fb8e0 fffff802`b3b38ddb : fffffa80`02d0e2a0 fffff802`b3e8eae7 00000000`00000000 fffff880`170fba60 : nt!KiCommitThreadWait+0x23c fffff880`170fb9a0 fffff802`b3ed0b6c : fffffa80`020b7780 fffffa80`039dab01 00000000`00000001 00000058`e534f500 : nt!KeRemoveQueueEx+0x26b fffff880`170fba50 fffff802`b3b434d5 : fffffa80`020b7780 00000058`e27f4af0 fffff880`170fbb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`170fbae0 fffff802`b3b02d53 : 00000000`0000019c 00000058`e27f4af0 00000058`00000010 00000058`e534f5e0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`170fbc40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`170fbc40) 00000058`e534f588 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa800201e080 Cid 0a50.0384 Teb: 000007f71da55000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003669320 SynchronizationEvent fffffa8001cbd2e0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15739900 Ticks: 1228 (0:00:00:19.156) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017141dd0 Current fffff88017141180 Base fffff88017142000 Limit fffff8801713c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`171411c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`17141300 fffff802`b3b293cd : fffffa80`01cbd2e0 00000000`00000006 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`171413c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`17141540 fffffa80`01cbd2e0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17141470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`00000000 : nt!ObWaitForMultipleObjects+0x29c fffff880`17141980 fffff802`b3b02d53 : fffffa80`0201e080 00000058`e544f658 fffff880`17141be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17141bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17141c40) 00000058`e544f638 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002d30600 Cid 0a50.0020 Teb: 000007f71da53000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001972e90 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15728204 Ticks: 12924 (0:00:03:21.615) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address (0x000007feec322860) Stack Init fffff880172f9dd0 Current fffff880172f9900 Base fffff880172fa000 Limit fffff880172f4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`172f9940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`00000000 00000058`e2809610 : nt!KiSwapContext+0x76 fffff880`172f9a80 fffff802`b3b29c1f : fffff880`172f9b70 00000000`00000000 00000000`00000000 fffff802`b3ec2018 : nt!KiCommitThreadWait+0x23c fffff880`172f9b40 fffff802`b3ec9df6 : fffffa80`01972e90 fffff880`00000006 00000000`00000001 fffff802`b3e1be00 : nt!KeWaitForSingleObject+0x1cf fffff880`172f9bd0 fffff802`b3b02d53 : fffffa80`02d30600 00000000`ffffffff 00000000`00000000 fffffa80`01972e90 : nt!NtWaitForSingleObject+0xb6 fffff880`172f9c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172f9c40) 00000058`e54dfb68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001c25900 Cid 0a50.0b88 Teb: 000007f71da57000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80020b7780 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15737974 Ticks: 3154 (0:00:00:49.202) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150e6dd0 Current fffff880150e6760 Base fffff880150e7000 Limit fffff880150e1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`150e67a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`150e68e0 fffff802`b3b38ddb : fffffa80`020b7780 00000004`b73aa026 00000000`00000000 00000000`000010eb : nt!KiCommitThreadWait+0x23c fffff880`150e69a0 fffff802`b3ed0b6c : fffffa80`020b7780 fffffa80`01c25901 00000000`00000001 00000058`e575f500 : nt!KeRemoveQueueEx+0x26b fffff880`150e6a50 fffff802`b3b434d5 : fffffa80`020b7780 00000058`e27fbff0 fffff880`150e6b80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`150e6ae0 fffff802`b3b02d53 : 00000000`0000019c 00000058`e27fbff0 00000058`00000010 00000058`e575f5a0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`150e6c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`150e6c40) 00000058`e575f548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa80030a6540 SessionId: 0 Cid: 02e4 Peb: 7f6fad17000 ParentCid: 0220 DirBase: 1708f000 ObjectTable: fffff8a0085c6f00 HandleCount: Image: svchost.exe THREAD fffffa80031ffb00 Cid 02e4.00ac Teb: 000007f6fad1e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003835f10 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728189 Ticks: 12939 (0:00:03:21.849) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f6fb7a26c0 Stack Init fffff880171e0dd0 Current fffff880171e0900 Base fffff880171e1000 Limit fffff880171db000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`171e0940 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffffa80`036cd070 00000011`4c23a3e0 : nt!KiSwapContext+0x76 fffff880`171e0a80 fffff802`b3b29c1f : fffff880`171e0b70 00000000`00000000 00000000`00000000 0000000c`001f0003 : nt!KiCommitThreadWait+0x23c fffff880`171e0b40 fffff802`b3ec9df6 : fffffa80`03835f10 fffff880`00000006 00000000`00000001 00000011`4c23de00 : nt!KeWaitForSingleObject+0x1cf fffff880`171e0bd0 fffff802`b3b02d53 : fffffa80`031ffb00 00000000`ffffffff 00000000`00000000 fffffa80`03835f10 : nt!NtWaitForSingleObject+0xb6 fffff880`171e0c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`171e0c40) 00000011`4c08f678 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8002064680 Cid 02e4.0ed8 Teb: 000007f6fad1a000 Win32Thread: fffff901006c1710 WAIT: (WrQueue) UserMode Alertable fffffa80033a6d80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728204 Ticks: 12924 (0:00:03:21.615) Context Switch Count 37 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017256dd0 Current fffff88017256760 Base fffff88017257000 Limit fffff88017251000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`172567a0 fffff802`b3b2d99c : fffff8a0`00000000 00000000`00000000 00000000`00000001 00000000`fffeffff : nt!KiSwapContext+0x76 fffff880`172568e0 fffff802`b3b38ddb : 00000000`00000001 fffff802`b3e5dd97 00000000`00000000 fffff880`17256b78 : nt!KiCommitThreadWait+0x23c fffff880`172569a0 fffff802`b3ed0b6c : fffffa80`033a6d80 fffffa80`02064601 00000000`00000001 00000011`4c3af600 : nt!KeRemoveQueueEx+0x26b fffff880`17256a50 fffff802`b3b434d5 : fffffa80`033a6d80 00000011`4c23cda0 fffff880`17256b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`17256ae0 fffff802`b3b02d53 : 00000000`0000004c 00000011`4c23cda0 00000011`00000010 00000011`4c3af6b0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17256c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17256c40) 00000011`4c3af658 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001c38b00 Cid 02e4.0040 Teb: 000007f6fad18000 Win32Thread: fffff901006f8b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d729f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728195 Ticks: 12933 (0:00:03:21.756) Context Switch Count 73 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff8801725ddd0 Current fffff8801725d900 Base fffff8801725e000 Limit fffff88017258000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1725d940 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 fffff880`00000001 fffff8a0`0158f640 : nt!KiSwapContext+0x76 fffff880`1725da80 fffff802`b3b29c1f : 00000000`fffc0003 fffff802`b3af9959 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`1725db40 fffff802`b3ec9df6 : fffffa80`01d729f0 fffffa80`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`1725dbd0 fffff802`b3b02d53 : fffffa80`01c38b00 00000000`ffffffff 00000000`00000000 fffffa80`01d729f0 : nt!NtWaitForSingleObject+0xb6 fffff880`1725dc40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1725dc40) 00000011`4c42f5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa8001d5a700 Cid 02e4.03a8 Teb: 000007f6fad15000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c341f0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728188 Ticks: 12940 (0:00:03:21.865) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feee027388 Stack Init fffff88017288dd0 Current fffff880172880f0 Base fffff88017289000 Limit fffff88017283000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`17288130 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`17288270 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`17288330 fffff802`b3b2943e : fffffa80`01c341f0 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`172883c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`17288540 00000000`00000001 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`17288470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000001 : nt!ObWaitForMultipleObjects+0x29c fffff880`17288980 fffff802`b3b02d53 : fffffa80`01d5a700 00000011`4cb8faa8 fffff880`17288be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17288bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17288c40) 00000011`4cb8fa88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001d17b00 Cid 02e4.0b50 Teb: 000007f6fad13000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040bc950 SynchronizationEvent fffffa8002dd08d0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728190 Ticks: 12938 (0:00:03:21.834) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feee01de04 Stack Init fffff88017275dd0 Current fffff88017275180 Base fffff88017276000 Limit fffff88017270000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`172751c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`17275300 fffff802`b3b293cd : fffff880`17275698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`172753c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`17275540 fffffa80`02dd08d0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17275470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`17275980 fffff802`b3b02d53 : fffffa80`01d17b00 00000011`4cc0f7f8 fffff880`17275be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17275bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17275c40) 00000011`4cc0f7d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80037da740 Cid 02e4.0158 Teb: 000007f6fabea000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80033a6d80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737974 Ticks: 3154 (0:00:00:49.202) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017311dd0 Current fffff88017311760 Base fffff88017312000 Limit fffff8801730c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`173117a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000230 : nt!KiSwapContext+0x76 fffff880`173118e0 fffff802`b3b38ddb : 00000000`000001ac fffff802`b3e8eae7 00000000`00000000 fffff880`17311a10 : nt!KiCommitThreadWait+0x23c fffff880`173119a0 fffff802`b3ed0b6c : fffffa80`033a6d80 fffffa80`037da701 00000000`00000001 00000011`4cdcf600 : nt!KeRemoveQueueEx+0x26b fffff880`17311a50 fffff802`b3b434d5 : fffffa80`033a6d80 00000011`4c2783c0 fffff880`17311b80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`17311ae0 fffff802`b3b02d53 : 00000000`0000004c 00000011`4c2783c0 fffff880`00000010 00000011`4cdcf6a0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17311c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17311c40) 00000011`4cdcf648 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8002d6c540 SessionId: 0 Cid: 0e80 Peb: 7f7d3e2e000 ParentCid: 0288 DirBase: 50bb1000 ObjectTable: fffff8a0008fc200 HandleCount: Image: WmiPrvSE.exe THREAD fffffa80037dfb00 Cid 0e80.0ccc Teb: 000007f7d3e2c000 Win32Thread: fffff90100659710 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80036474e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728397 Ticks: 12731 (0:00:03:18.604) Context Switch Count 39 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address 0x000007f7d478b3fc Stack Init fffff880173f0dd0 Current fffff880173f05f0 Base fffff880173f1000 Limit fffff880173eb000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`173f0630 fffff802`b3b2d99c : fffff700`01080000 00000000`00000000 fffffa80`02d6ca28 fffff960`00151a90 : nt!KiSwapContext+0x76 fffff880`173f0770 fffff802`b3b29c1f : fffff683`ff7bdd28 fffffa80`02d6ca28 00000000`00000000 000007fe`0000000f : nt!KiCommitThreadWait+0x23c fffff880`173f0830 fffff802`b3b2943e : fffffa80`036474e0 fffffa80`0000000d fffff700`01080001 fffff802`b3eeb600 : nt!KeWaitForSingleObject+0x1cf fffff880`173f08c0 fffff960`00153e07 : 000000d7`00000001 fffff880`173f09e0 fffff6fc`50032108 fffff683`0000000d : nt!KeWaitForMultipleObjects+0x2ce fffff880`173f0970 fffff960`00154765 : 000007fe`f7ba0000 fffff901`00650000 00000000`00003dff fffff880`00000000 : win32k!xxxRealSleepThread+0x2c7 fffff880`173f0a40 fffff960`00152e99 : fffff880`173f0cc0 00000000`00000100 00000000`00000001 00000000`00000000 : win32k!xxxSleepThread+0xc5 fffff880`173f0a90 fffff960`001545f3 : fffff880`173f0bf8 000000d7`00000100 fffff880`00000000 00000000`ffffffff : win32k!xxxRealInternalGetMessage+0x629 fffff880`173f0bb0 fffff802`b3b02d53 : fffffa80`037dfb00 000000d7`70749eb0 00000000`00000020 fffff880`173f0c40 : win32k!NtUserGetMessage+0x83 fffff880`173f0c40 000007fe`f56c1eba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173f0c40) 000000d7`7063f908 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!NtUserGetMessage+0xa THREAD fffffa8002c9d800 Cid 0e80.083c Teb: 000007f7d3e2a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d9e580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728564 Ticks: 12564 (0:00:03:15.999) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017422dd0 Current fffff88017422760 Base fffff88017423000 Limit fffff8801741d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`174227a0 fffff802`b3b2d99c : 000000d7`7103f902 00000000`00000000 fffffa80`02c9d800 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`174228e0 fffff802`b3b38ddb : fffff8a0`00605c20 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`174229a0 fffff802`b3ed0b6c : fffffa80`03d9e580 fffffa80`02c9d801 00000000`00000001 000000d7`7103fb00 : nt!KeRemoveQueueEx+0x26b fffff880`17422a50 fffff802`b3b434d5 : fffffa80`03d9e580 000000d7`7075ce00 fffff880`17422b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`17422ae0 fffff802`b3b02d53 : 00000000`000000c8 000000d7`7075ce00 000000d7`00000010 000000d7`7103fbb0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`17422c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17422c40) 000000d7`7103fb58 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80041a8840 Cid 0e80.0ce8 Teb: 000007f7d3e28000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001dce240 NotificationEvent fffffa8003fe9850 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728396 Ticks: 12732 (0:00:03:18.620) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007feed241470 Stack Init fffff880173d4dd0 Current fffff880173d4180 Base fffff880173d5000 Limit fffff880173cf000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`173d41c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`173d4300 fffff802`b3b293cd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`173d43c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`173d4540 fffffa80`03fe9850 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`173d4470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 00000000`000000fc : nt!ObWaitForMultipleObjects+0x29c fffff880`173d4980 fffff802`b3b02d53 : fffffa80`041a8840 000000d7`710bfa28 fffff880`173d4be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`173d4bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173d4c40) 000000d7`710bfa08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8003b59080 Cid 0e80.04d0 Teb: 000007f7d3e26000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d9e580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15738078 Ticks: 3050 (0:00:00:47.580) Context Switch Count 40 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173f7dd0 Current fffff880173f7760 Base fffff880173f8000 Limit fffff880173f2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`173f77a0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 fffffa80`03bf0b40 : nt!KiSwapContext+0x76 fffff880`173f78e0 fffff802`b3b38ddb : fffff8a0`0844ee40 fffff802`b3cf72ba 00000000`00000000 fffff880`173f7a60 : nt!KiCommitThreadWait+0x23c fffff880`173f79a0 fffff802`b3ed0b6c : fffffa80`03d9e580 fffffa80`03b59001 00000000`00000001 000000d7`7124fa00 : nt!KeRemoveQueueEx+0x26b fffff880`173f7a50 fffff802`b3b434d5 : fffffa80`03d9e580 000000d7`70775a90 fffff880`173f7b80 00000018`000f0001 : nt!IoRemoveIoCompletion+0x4c fffff880`173f7ae0 fffff802`b3b02d53 : 00000000`000000c8 000000d7`70775a90 00000000`00000010 000000d7`7124fa30 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`173f7c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`173f7c40) 000000d7`7124f9d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001e03080 Cid 0e80.0c5c Teb: 000007f7d3cfe000 Win32Thread: fffff90100691290 WAIT: (UserRequest) UserMode Alertable fffffa8002db0b20 SynchronizationEvent fffffa8002db0aa0 SynchronizationEvent fffffa8003050aa0 SynchronizationEvent fffffa8003050a20 SynchronizationEvent fffffa800388d290 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15736090 Ticks: 5038 (0:00:01:18.593) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007f7d4781850 Stack Init fffff88017414dd0 Current fffff88017414180 Base fffff88017415000 Limit fffff8801740f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr : Args to Child : Call Site fffff880`174141c0 fffff802`b3b2d99c : 001f0003`00000000 00000000`00000000 fffffa80`00000000 00000000`001f0003 : nt!KiSwapContext+0x76 fffff880`17414300 fffff802`b3b293cd : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000801 : nt!KiCommitThreadWait+0x23c fffff880`174143c0 fffff802`b3eca2ac : 00000000`00000005 fffff880`17414540 fffffa80`0388d290 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`17414470 fffff802`b3eca723 : 00000000`00000005 00000000`00000001 fffff880`174149b0 fffff802`b3ef63ca : nt!ObWaitForMultipleObjects+0x29c fffff880`17414980 fffff802`b3b02d53 : fffffa80`01e03080 000000d7`7136f0c8 fffff880`17414be8 000000d7`7136f0f0 : nt!NtWaitForMultipleObjects+0xe3 fffff880`17414bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`17414c40) 000000d7`7136f0a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80040db980 Cid 0e80.0cb0 Teb: 000007f7d3cfa000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d9e580 QueueObject IRP List: fffffa8001d67830: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728564 Ticks: 12564 (0:00:03:15.999) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801744edd0 Current fffff8801744e760 Base fffff8801744f000 Limit fffff88017449000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. Child-SP RetAddr : Args to Child : Call Site fffff880`1744e7a0 fffff802`b3b2d99c : fffff880`00000000 00000000`00000000 fffffa80`00000000 fffff802`b3d7f180 : nt!KiSwapContext+0x76 fffff880`1744e8e0 fffff802`b3b38ddb : fffff8a0`00605c20 fffff802`b3ebb316 00000000`00000000 00000000`fffefffd : nt!KiCommitThreadWait+0x23c fffff880`1744e9a0 fffff802`b3ed0b6c : fffffa80`03d9e580 fffffa80`040db901 00000000`00000001 000000d7`7146fc00 : nt!KeRemoveQueueEx+0x26b fffff880`1744ea50 fffff802`b3b434d5 : fffffa80`03d9e580 000000d7`70782920 fffff880`1744eb80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`1744eae0 fffff802`b3b02d53 : 00000000`000000c8 000000d7`70782920 000000d7`00000010 000000d7`7146fce0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`1744ec40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`1744ec40) 000000d7`7146fc88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa PROCESS fffffa8004145940 SessionId: 2 Cid: 0814 Peb: 7f6abd6d000 ParentCid: 0288 DirBase: 4cdd6000 ObjectTable: fffff8a006b08680 HandleCount: Image: BackgroundTransferHost.exe THREAD fffffa8001ca1080 Cid 0814.0af4 Teb: 000007f6abd6e000 Win32Thread: fffff901040fcb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036d76d0 NotificationEvent fffffa8003e46770 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740060 Ticks: 1068 (0:00:00:16.660) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 0x000007f6acc3299c Stack Init fffff880175d3dd0 Current fffff880175d3180 Base fffff880175d4000 Limit fffff880175ce000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr : Args to Child : Call Site fffff880`175d31c0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 fffff802`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`175d3300 fffff802`b3b293cd : fffff880`175d3698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`175d33c0 fffff802`b3eca2ac : fffff880`00000002 fffff880`175d3540 fffffa80`03e46770 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`175d3470 fffff802`b3eca723 : 00000000`00000002 00000000`00000001 00000000`00000000 fffff680`1a64fcf8 : nt!ObWaitForMultipleObjects+0x29c fffff880`175d3980 fffff802`b3b02d53 : fffffa80`01ca1080 00000034`c9f9f588 fffff880`175d3be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`175d3bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175d3c40) 00000034`c9f9f568 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8001e0f080 Cid 0814.0d1c Teb: 000007f6abd6b000 Win32Thread: fffff901043b1b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002d15e90 SynchronizationEvent fffffa80040141e0 SynchronizationEvent fffffa800385b510 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 131 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880175e9dd0 Current fffff880175e9180 Base fffff880175ea000 Limit fffff880175e4000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr : Args to Child : Call Site fffff880`175e91c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`175e9300 fffff802`b3b293cd : fffff880`175e9698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`175e93c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`175e9540 fffffa80`0385b510 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`175e9470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`175e9980 fffff802`b3b02d53 : fffffa80`01e0f080 00000034`cba8f408 fffff880`175e9be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`175e9bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175e9c40) 00000034`cba8f3e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800416d5c0 Cid 0814.0e9c Teb: 000007f6abd69000 Win32Thread: fffff901040d2240 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001e6b710 SynchronizationEvent fffffa8001d344c0 SynchronizationEvent fffffa80033c5210 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 112 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880175f0dd0 Current fffff880175f0180 Base fffff880175f1000 Limit fffff880175eb000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr : Args to Child : Call Site fffff880`175f01c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`175f0300 fffff802`b3b293cd : fffff880`175f0698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`175f03c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`175f0540 fffffa80`033c5210 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`175f0470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`175f0980 fffff802`b3b02d53 : fffffa80`0416d5c0 00000034`cbdef598 fffff880`175f0be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`175f0bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`175f0c40) 00000034`cbdef578 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa8002c8e080 Cid 0814.053c Teb: 000007f6abd67000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001e3b2a0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740060 Ticks: 1068 (0:00:00:16.660) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88000fbfdd0 Current fffff88000fbf0f0 Base fffff88000fc0000 Limit fffff88000fba000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr : Args to Child : Call Site fffff880`00fbf130 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`00fbf270 fffff802`b3b29c1f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`00fbf330 fffff802`b3b2943e : fffffa80`01e3b2a0 00000000`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`00fbf3c0 fffff802`b3eca2ac : fffff880`00000001 fffff880`00fbf540 00000000`00000001 00000000`00000006 : nt!KeWaitForMultipleObjects+0x2ce fffff880`00fbf470 fffff802`b3eca723 : 00000000`00000001 00000000`00000001 00000000`00000000 fffff802`b3eba1b3 : nt!ObWaitForMultipleObjects+0x29c fffff880`00fbf980 fffff802`b3b02d53 : fffffa80`02c8e080 00000034`cbe6f308 fffff880`00fbfbe8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`00fbfbd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`00fbfc40) 00000034`cbe6f2e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80018b8080 Cid 0814.0368 Teb: 000007f6abd65000 Win32Thread: fffff90104271b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80020af610 SynchronizationEvent fffffa8001cec150 SynchronizationEvent fffffa8001e14af0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 47 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88000fe9dd0 Current fffff88000fe9180 Base fffff88000fea000 Limit fffff88000fe4000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr : Args to Child : Call Site fffff880`00fe91c0 fffff802`b3b2d99c : 00000000`00000001 00000000`00000000 fffff880`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`00fe9300 fffff802`b3b293cd : fffff880`00fe9698 00000000`00000000 00000000`00000000 fffff802`b3f5bbf4 : nt!KiCommitThreadWait+0x23c fffff880`00fe93c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`00fe9540 fffffa80`01e14af0 00000000`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`00fe9470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 fffffa80`0263ee40 : nt!ObWaitForMultipleObjects+0x29c fffff880`00fe9980 fffff802`b3b02d53 : fffffa80`018b8080 00000034`cbeeefd8 fffff880`00fe9be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`00fe9bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`00fe9c40) 00000034`cbeeefb8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa800200d800 Cid 0814.0d4c Teb: 000007f6abd63000 Win32Thread: fffff9010414f010 WAIT: (WrQueue) UserMode Alertable fffffa80021a6a40 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740060 Ticks: 1068 (0:00:00:16.660) Context Switch Count 358 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880172c3dd0 Current fffff880172c3760 Base fffff880172c4000 Limit fffff880172be000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr : Args to Child : Call Site fffff880`172c37a0 fffff802`b3b2d99c : fffff8a0`00000000 00000000`00000000 00000000`00000000 00000000`ffff0000 : nt!KiSwapContext+0x76 fffff880`172c38e0 fffff802`b3b38ddb : fffffa80`03745090 fffff802`b3e8eae7 00000000`00000000 fffff880`172c3a60 : nt!KiCommitThreadWait+0x23c fffff880`172c39a0 fffff802`b3ed0b6c : fffffa80`021a6a40 fffffa80`0200d801 00000000`00000001 00000034`cbf8f600 : nt!KeRemoveQueueEx+0x26b fffff880`172c3a50 fffff802`b3b434d5 : fffffa80`021a6a40 00000034`ca1119a0 fffff880`172c3b80 00000018`000f00ff : nt!IoRemoveIoCompletion+0x4c fffff880`172c3ae0 fffff802`b3b02d53 : 00000000`000000c0 00000034`ca1119a0 00000034`00000010 00000034`cbf8f620 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`172c3c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`172c3c40) 00000034`cbf8f5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa80033b8b00 Cid 0814.0850 Teb: 000007f6abc3e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8002d4db30 NotificationEvent IRP List: fffffa80033f6950: (0006,01f0) Flags: 00020070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff88003c61dd0 Current fffff88003c61900 Base fffff88003c62000 Limit fffff88003c5c000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr : Args to Child : Call Site fffff880`03c61940 fffff802`b3b2d99c : fffffa80`00000001 00000000`00000000 0016019f`00000000 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`03c61a80 fffff802`b3b29c1f : fffff880`03c61be8 00000034`cc00f0d8 00000000`00000000 fffff802`b3ee8c86 : nt!KiCommitThreadWait+0x23c fffff880`03c61b40 fffff802`b3ec9df6 : fffffa80`02d4db30 fffffa80`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x1cf fffff880`03c61bd0 fffff802`b3b02d53 : fffffa80`033b8b00 00000000`00000004 fffff880`03c61c18 fffffa80`02d4db30 : nt!NtWaitForSingleObject+0xb6 fffff880`03c61c40 000007fe`f7ec2c2a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03c61c40) 00000034`cc00f038 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForSingleObject+0xa THREAD fffffa80040ee700 Cid 0814.0938 Teb: 000007f6abc3c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001f10500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736494 Ticks: 4634 (0:00:01:12.290) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8800317add0 Current fffff8800317a760 Base fffff8800317b000 Limit fffff88003175000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr : Args to Child : Call Site fffff880`0317a7a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KiSwapContext+0x76 fffff880`0317a8e0 fffff802`b3b38ddb : fffffa80`01f10500 fffff802`b3b4c9fd 00000000`00000000 00000000`000008bb : nt!KiCommitThreadWait+0x23c fffff880`0317a9a0 fffff802`b3ed0b6c : fffffa80`01f10500 fffffa80`040ee701 00000000`00000001 00000034`ccb6f500 : nt!KeRemoveQueueEx+0x26b fffff880`0317aa50 fffff802`b3b434d5 : fffffa80`01f10500 00000034`ca11f0d0 fffff880`0317ab80 fffff802`b3ec97cc : nt!IoRemoveIoCompletion+0x4c fffff880`0317aae0 fffff802`b3b02d53 : 00000000`00000318 00000034`ca11f0d0 00000034`00000010 00000034`ccb6f530 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`0317ac40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`0317ac40) 00000034`ccb6f4d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001e22740 Cid 0814.0f3c Teb: 000007f6abc3a000 Win32Thread: fffff901041b5010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001e416f0 SynchronizationEvent fffffa80018d06a0 SynchronizationEvent fffffa8003f53420 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003188dd0 Current fffff88003188180 Base fffff88003189000 Limit fffff88003183000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr : Args to Child : Call Site fffff880`031881c0 fffff802`b3b2d99c : fffff880`00000000 00000000`00000000 fffff880`00000000 fffff8a0`068e1cf0 : nt!KiSwapContext+0x76 fffff880`03188300 fffff802`b3b293cd : fffffa80`031ab3c0 fffff8a0`00605c20 00000000`00000000 fffff802`b3ee5ee6 : nt!KiCommitThreadWait+0x23c fffff880`031883c0 fffff802`b3eca2ac : fffff880`00000003 fffff880`03188540 fffffa80`03f53420 fffff8a0`00000006 : nt!KeWaitForMultipleObjects+0x25d fffff880`03188470 fffff802`b3eca723 : 00000000`00000003 00000000`00000001 00000000`00000000 fffff802`b3b2d9db : nt!ObWaitForMultipleObjects+0x29c fffff880`03188980 fffff802`b3b02d53 : fffffa80`01e22740 00000034`ccbef678 fffff880`03188be8 00000000`00000000 : nt!NtWaitForMultipleObjects+0xe3 fffff880`03188bd0 000007fe`f7ec319b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03188c40) 00000034`ccbef658 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa THREAD fffffa80038a7080 Cid 0814.08d8 Teb: 000007f6abc38000 Win32Thread: fffff9010430ab90 WAIT: (WrQueue) UserMode Alertable fffffa80021a6a40 QueueObject IRP List: fffffa800266fb20: (0006,03e8) Flags: 00020000 Mdl: 00000000 fffffa800413e810: (0006,03e8) Flags: 00020000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 293 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015991dd0 Current fffff88015991760 Base fffff88015992000 Limit fffff8801598c000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr : Args to Child : Call Site fffff880`159917a0 fffff802`b3b2d99c : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`ffffffff : nt!KiSwapContext+0x76 fffff880`159918e0 fffff802`b3b38ddb : 00000000`00000001 00000000`00000000 00000000`00000000 fffff880`15991cc0 : nt!KiCommitThreadWait+0x23c fffff880`159919a0 fffff802`b3ed0b6c : fffffa80`021a6a40 fffffa80`038a7001 00000000`00000001 00000034`ccc6f700 : nt!KeRemoveQueueEx+0x26b fffff880`15991a50 fffff802`b3b434d5 : fffffa80`021a6a40 00000034`ca1306d0 fffff880`15991b80 00000000`00000270 : nt!IoRemoveIoCompletion+0x4c fffff880`15991ae0 fffff802`b3b02d53 : 00000000`000000c0 00000034`ca1306d0 00000000`00000010 00000034`ccc6f700 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`15991c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`15991c40) 00000034`ccc6f6a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8003de9080 Cid 0814.0fc0 Teb: 000007f6abc34000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80021a6a40 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736594 Ticks: 4534 (0:00:01:10.730) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003c44dd0 Current fffff88003c44760 Base fffff88003c45000 Limit fffff88003c3f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr : Args to Child : Call Site fffff880`03c447a0 fffff802`b3b2d99c : fffff8a0`00000000 00000000`00000000 fffffa80`00000000 ffffffff`fffffffe : nt!KiSwapContext+0x76 fffff880`03c448e0 fffff802`b3b38ddb : fffffa80`021885f0 00000000`00000000 00000000`00000000 fffff880`03c44a80 : nt!KiCommitThreadWait+0x23c fffff880`03c449a0 fffff802`b3ed0b6c : fffffa80`021a6a40 fffffa80`03de9001 00000000`00000001 00000034`ccd6f900 : nt!KeRemoveQueueEx+0x26b fffff880`03c44a50 fffff802`b3b434d5 : fffffa80`021a6a40 00000034`ca13b5c0 fffff880`03c44b80 00000000`00000001 : nt!IoRemoveIoCompletion+0x4c fffff880`03c44ae0 fffff802`b3b02d53 : 00000000`000000c0 00000034`ca13b5c0 00000000`00000010 00000034`ccd6f9f0 : nt!NtWaitForWorkViaWorkerFactory+0x295 fffff880`03c44c40 000007fe`f7ec46ab : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03c44c40) 00000034`ccd6f998 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa THREAD fffffa8001ce6640 Cid 0814.03ec Teb: 000007f6abc32000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8004000ac0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736520 Ticks: 4608 (0:00:01:11.885) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 0x000007fef4645990 Stack Init fffff88003c0ddd0 Current fffff88003c0d7a0 Base fffff88003c0e000 Limit fffff88003c08000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 Child-SP RetAddr : Args to Child : Call Site fffff880`03c0d7e0 fffff802`b3b2d99c : d4000f79`1587fffb 00000000`00000000 00000000`00000000 fffffa80`02ec5070 : nt!KiSwapContext+0x76 fffff880`03c0d920 fffff802`b3b38ddb : 00000000`00000000 fffff802`b3ac211e 00000000`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x23c fffff880`03c0d9e0 fffff802`b3ed0b6c : fffffa80`04000ac0 00000000`00000001 00000034`ccdefe00 fffff880`03c0db00 : nt!KeRemoveQueueEx+0x26b fffff880`03c0da90 fffff802`b3eafcb5 : fffffa80`04000ac0 fffff880`03c0db88 fffff880`03c0db80 00000000`00000000 : nt!IoRemoveIoCompletion+0x4c fffff880`03c0db20 fffff802`b3b02d53 : fffffa80`01ce6640 00000034`ccdefe98 fffff880`03c0dbe8 fffff6fb`7da00698 : nt!NtRemoveIoCompletion+0x135 fffff880`03c0dbd0 000007fe`f7ec2c7a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03c0dc40) 00000034`ccdefe78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtRemoveIoCompletion+0xa .process /p /r 0 0: kd> !process 0 0 **** NT ACTIVE PROCESS DUMP **** PROCESS fffffa800182e480 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000 DirBase: 00187000 ObjectTable: fffff8a000003000 HandleCount: Image: System PROCESS fffffa8002d78500 SessionId: none Cid: 011c Peb: 7f6a68af000 ParentCid: 0004 DirBase: 06696000 ObjectTable: fffff8a000b3b840 HandleCount: Image: smss.exe PROCESS fffffa8002e6b1c0 SessionId: 0 Cid: 0190 Peb: 7f7688e8000 ParentCid: 0188 DirBase: 114d5000 ObjectTable: fffff8a001c6c680 HandleCount: Image: csrss.exe PROCESS fffffa8002e7b940 SessionId: 0 Cid: 01c4 Peb: 7f6f01fc000 ParentCid: 0188 DirBase: 2449b000 ObjectTable: fffff8a00156ed80 HandleCount: Image: wininit.exe PROCESS fffffa80033c3080 SessionId: 0 Cid: 0220 Peb: 7f75ab5d000 ParentCid: 01c4 DirBase: 2e23b000 ObjectTable: fffff8a0016a32c0 HandleCount: Image: services.exe PROCESS fffffa8003694940 SessionId: 0 Cid: 0228 Peb: 7f6f354f000 ParentCid: 01c4 DirBase: 2e64e000 ObjectTable: fffff8a0016aca40 HandleCount: Image: lsass.exe PROCESS fffffa8003740540 SessionId: 0 Cid: 0288 Peb: 7f6fb59b000 ParentCid: 0220 DirBase: 30729000 ObjectTable: fffff8a0023607c0 HandleCount: Image: svchost.exe PROCESS fffffa8003763540 SessionId: 0 Cid: 02b0 Peb: 7f6fab93000 ParentCid: 0220 DirBase: 30d47000 ObjectTable: fffff8a0023d3940 HandleCount: Image: svchost.exe PROCESS fffffa800379c940 SessionId: 0 Cid: 02f0 Peb: 7f6faabb000 ParentCid: 0220 DirBase: 31659000 ObjectTable: fffff8a00248d1c0 HandleCount: Image: svchost.exe PROCESS fffffa80037ae940 SessionId: 0 Cid: 0314 Peb: 7f6fa949000 ParentCid: 0220 DirBase: 319e5000 ObjectTable: fffff8a0024fcf00 HandleCount: Image: svchost.exe PROCESS fffffa80037e9940 SessionId: 0 Cid: 0360 Peb: 7f6fa7ef000 ParentCid: 0220 DirBase: 332b5000 ObjectTable: fffff8a002536040 HandleCount: Image: svchost.exe PROCESS fffffa8003879940 SessionId: 0 Cid: 03f0 Peb: 7f6fad89000 ParentCid: 0220 DirBase: 3584e000 ObjectTable: fffff8a002669480 HandleCount: Image: svchost.exe PROCESS fffffa800392c540 SessionId: 0 Cid: 03b8 Peb: 7f6fb68f000 ParentCid: 0220 DirBase: 2fe18000 ObjectTable: fffff8a00277ad80 HandleCount: Image: svchost.exe PROCESS fffffa8003b50480 SessionId: 0 Cid: 04c8 Peb: 7f7cf335000 ParentCid: 0220 DirBase: 3b055000 ObjectTable: fffff8a001f01980 HandleCount: Image: spoolsv.exe PROCESS fffffa800305c740 SessionId: 0 Cid: 04e4 Peb: 7f6fb17c000 ParentCid: 0220 DirBase: 3b3c6000 ObjectTable: fffff8a007e52800 HandleCount: Image: svchost.exe PROCESS fffffa80039a9940 SessionId: 0 Cid: 0598 Peb: 7f680503000 ParentCid: 0220 DirBase: 3e8d9000 ObjectTable: fffff8a002749980 HandleCount: Image: MsMpEng.exe PROCESS fffffa8003d8f080 SessionId: 0 Cid: 063c Peb: 7f6e696f000 ParentCid: 03f0 DirBase: 0a9ad000 ObjectTable: fffff8a0005f2f00 HandleCount: Image: dasHost.exe PROCESS fffffa8003eec940 SessionId: 0 Cid: 07e8 Peb: 7f6fa92f000 ParentCid: 0220 DirBase: 3fdd9000 ObjectTable: fffff8a0006d3f00 HandleCount: Image: svchost.exe PROCESS fffffa8003fea3c0 SessionId: 0 Cid: 08a8 Peb: 7f6fb20f000 ParentCid: 0220 DirBase: 4ae86000 ObjectTable: fffff8a000853600 HandleCount: Image: svchost.exe PROCESS fffffa8002772940 SessionId: 0 Cid: 0bac Peb: 7f7e166e000 ParentCid: 0288 DirBase: 2428a000 ObjectTable: fffff8a0008cc040 HandleCount: Image: dllhost.exe PROCESS fffffa80038e6940 SessionId: 0 Cid: 0270 Peb: 7f79c425000 ParentCid: 0220 DirBase: 3a2aa000 ObjectTable: fffff8a006c77c40 HandleCount: Image: SearchIndexer.exe PROCESS fffffa8001c4b080 SessionId: 0 Cid: 0ba8 Peb: 7f765435000 ParentCid: 0220 DirBase: 3c709000 ObjectTable: fffff8a000643200 HandleCount: Image: wmpnetwk.exe PROCESS fffffa8001d07940 SessionId: 1 Cid: 0acc Peb: 7f68f055000 ParentCid: 0ae4 DirBase: 3b81b000 ObjectTable: 00000000 HandleCount: 0. Image: explorer.exe PROCESS fffffa8001f4b940 SessionId: 2 Cid: 0a3c Peb: 7f6a5f5f000 ParentCid: 011c DirBase: 604c7000 ObjectTable: 00000000 HandleCount: 0. Image: smss.exe PROCESS fffffa80020b0080 SessionId: 2 Cid: 0cdc Peb: 7f768c3f000 ParentCid: 0a3c DirBase: 5e728000 ObjectTable: fffff8a0035fd400 HandleCount: Image: csrss.exe PROCESS fffffa800417d940 SessionId: 2 Cid: 0a28 Peb: 7f66fc54000 ParentCid: 0a3c DirBase: 6d36d000 ObjectTable: fffff8a00192a600 HandleCount: Image: winlogon.exe PROCESS fffffa8001f413c0 SessionId: 2 Cid: 0dac Peb: 7f7df883000 ParentCid: 0a28 DirBase: 38e80000 ObjectTable: 00000000 HandleCount: 0. Image: LogonUI.exe PROCESS fffffa8002109940 SessionId: 2 Cid: 06f8 Peb: 7f7f6aa3000 ParentCid: 0a28 DirBase: 6f209000 ObjectTable: fffff8a001ea0e40 HandleCount: Image: dwm.exe PROCESS fffffa8002cf71c0 SessionId: 2 Cid: 02a0 Peb: 7f7ccb0e000 ParentCid: 0220 DirBase: 0f530000 ObjectTable: fffff8a006786500 HandleCount: Image: taskhostex.exe PROCESS fffffa8003ed3600 SessionId: 2 Cid: 0d68 Peb: 7f68f17f000 ParentCid: 0824 DirBase: 40d5c000 ObjectTable: fffff8a006897040 HandleCount: Image: explorer.exe PROCESS fffffa8001fe8940 SessionId: 2 Cid: 0bdc Peb: 7f6bc9cc000 ParentCid: 0288 DirBase: 09f57000 ObjectTable: fffff8a002742440 HandleCount: Image: LiveComm.exe PROCESS fffffa8002d5d940 SessionId: 2 Cid: 0dd0 Peb: 7f6525bf000 ParentCid: 0d68 DirBase: 66377000 ObjectTable: fffff8a0068d5600 HandleCount: Image: browserchoice.exe PROCESS fffffa800200e080 SessionId: 2 Cid: 0478 Peb: 7f6893cf000 ParentCid: 0288 DirBase: 66cf7000 ObjectTable: fffff8a0029307c0 HandleCount: Image: WWAHost.exe PROCESS fffffa8002cc2940 SessionId: 2 Cid: 03e4 Peb: 7f75e65c000 ParentCid: 0288 DirBase: 53f43000 ObjectTable: fffff8a006b98400 HandleCount: Image: RuntimeBroker.exe PROCESS fffffa8002cb2940 SessionId: 2 Cid: 0c80 Peb: 7f6c41dd000 ParentCid: 0288 DeepFreeze DirBase: 2ef45000 ObjectTable: fffff8a002f215c0 HandleCount: Image: iexplore.exe PROCESS fffffa8003816940 SessionId: 2 Cid: 0d04 Peb: 7f6c3aca000 ParentCid: 0c80 DeepFreeze DirBase: 34024000 ObjectTable: fffff8a001749a00 HandleCount: Image: iexplore.exe PROCESS fffffa8001f7b7c0 SessionId: 2 Cid: 0e74 Peb: 7f6c39d9000 ParentCid: 0c80 DeepFreeze DirBase: 6772a000 ObjectTable: fffff8a0084321c0 HandleCount: Image: iexplore.exe PROCESS fffffa8002d74180 SessionId: 2 Cid: 0ca0 Peb: 7f770b7f000 ParentCid: 0d68 DirBase: 08818000 ObjectTable: fffff8a001f18d80 HandleCount: Image: Taskmgr.exe PROCESS fffffa8001e0f740 SessionId: 2 Cid: 0d7c Peb: 7f65412f000 ParentCid: 0c78 DirBase: 0e165000 ObjectTable: fffff8a00055ff00 HandleCount: Image: notepad.exe PROCESS fffffa8001d54580 SessionId: 0 Cid: 0f98 Peb: 7f76acaa000 ParentCid: 0220 DirBase: 18acb000 ObjectTable: fffff8a0022e3980 HandleCount: Image: msiexec.exe PROCESS fffffa80033bb940 SessionId: 2 Cid: 0a50 Peb: 7f71da5f000 ParentCid: 0d68 DirBase: 1348e000 ObjectTable: fffff8a00303f300 HandleCount: Image: mspaint.exe PROCESS fffffa80030a6540 SessionId: 0 Cid: 02e4 Peb: 7f6fad17000 ParentCid: 0220 DirBase: 1708f000 ObjectTable: fffff8a0085c6f00 HandleCount: Image: svchost.exe PROCESS fffffa8002d6c540 SessionId: 0 Cid: 0e80 Peb: 7f7d3e2e000 ParentCid: 0288 DirBase: 50bb1000 ObjectTable: fffff8a0008fc200 HandleCount: Image: WmiPrvSE.exe PROCESS fffffa8004145940 SessionId: 2 Cid: 0814 Peb: 7f6abd6d000 ParentCid: 0288 DirBase: 4cdd6000 ObjectTable: fffff8a006b08680 HandleCount: Image: BackgroundTransferHost.exe