0: kd> !process 0 ff
**** NT ACTIVE PROCESS DUMP ****
PROCESS fffffa800182e480
    SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
    DirBase: 00187000 ObjectTable: fffff8a000003000 HandleCount:
    Image: System
    VadRoot fffffa80026a92b0 Vads 16 Clone 0 Private 21. Modified 60513. Locked 64.
    DeviceMap fffff8a00000c340
    Token fffff8a0000055e0
    ElapsedTime 2 Days 20:12:15.491
    UserTime 00:00:00.000
    KernelTime 00:00:10.030
    QuotaPoolUsage[PagedPool] 0
    QuotaPoolUsage[NonPagedPool] 0
    Working Set Sizes (now,min,max) (224, 50, 450) (896KB, 200KB, 1800KB)
    PeakWorkingSetSize 1739
    VirtualSize 5 Mb
    PeakVirtualSize 12 Mb
    PageFaultCount 41953
    MemoryPriority BACKGROUND
    BasePriority 8
    CommitCharge 31

Setting context for this process...
.process /p /r fffffa800182e480
!peb
PEB NULL...

        THREAD fffffa8001818040 Cid 0004.0008 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable
            fffff802b3d542e0 NotificationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312)
        Context Switch Count 23943 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:08.502
        Win32 Start Address nt!Phase1Initialization (0xfffff802b3f85f70)
        Stack Init fffff880009a9dd0 Current fffff880009a9970
        Base fffff880009aa000 Limit fffff880009a4000 Call 0
        Priority 0 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa800184e380 Cid 0004.000c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffff802b3d1ff20 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 38 Ticks: 15741090 (2:20:12:42.577)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!PopIrpWorkerControl (0xfffff802b3bc4b30)
        Stack Init fffff880009d0dd0 Current fffff880009d0a40
        Base fffff880009d1000 Limit fffff880009cb000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 2 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80017f4040 Cid 0004.0010 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffff802b3d20520 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15739995 Ticks: 1133 (0:00:00:17.674)
        Context Switch Count 535 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.015
        Win32 Start Address nt!PopIrpWorker (0xfffff802b3ba46d8)
        Stack Init fffff880009d7dd0 Current fffff880009d79d0
        Base fffff880009d8000 Limit fffff880009d2000 Call 0
        Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa800183a940 Cid 0004.0014 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffff802b3d20520 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15740171 Ticks: 957 (0:00:00:14.929)
        Context Switch Count 119 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!PopIrpWorker (0xfffff802b3ba46d8)
        Stack Init fffff880009dedd0 Current fffff880009de9d0
        Base fffff880009df000 Limit fffff880009d9000 Call 0
        Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80018094c0 Cid 0004.0018 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
            fffffa8001835788 QueueObject
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15679017 Ticks: 62111 (0:00:16:08.937)
        Context Switch Count 8 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!PopFxEmergencyWorker (0xfffff802b3bb507c)
        Stack Init fffff880009e5dd0 Current fffff880009e5a20
        Base fffff880009e6000 Limit fffff880009e0000 Call 0
        Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001823980 Cid 0004.001c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffff88000faace0 SynchronizationTimer
            fffff802b3d0d2f0 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15718535 Ticks: 22593 (0:00:05:52.453)
        Context Switch Count 67 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.046
        Win32 Start Address nt!ExpWorkerThreadBalanceManager (0xfffff802b3e1bfe8)
        Stack Init fffff88000faadd0 Current fffff88000faa9a0
        Base fffff88000fab000 Limit fffff88000fa5000 Call 0
        Priority 15 BasePriority 12 UnusualBoost 3 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001806a80 Cid 0004.002c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
            fffff802b3d0d0c0 QueueObject
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015)
        Context Switch Count 20016 IdealProcessor: 0 NoStackSwap
        UserTime 00:00:00.000
        KernelTime 00:00:00.780
        Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450)
        Stack Init fffff88000fc6dd0 Current fffff88000fc69d0
        Base fffff88000fc7000 Limit fffff88000fc1000 Call 0
        Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001806400 Cid 0004.0030 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
            fffff802b3d0d0c0 QueueObject
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15740018 Ticks: 1110 (0:00:00:17.316)
        Context Switch Count 30328 IdealProcessor: 0 NoStackSwap
        UserTime 00:00:00.000
        KernelTime 00:00:01.279
        Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450)
        Stack Init fffff88000fcddd0 Current fffff88000fcd9d0
        Base fffff88000fce000 Limit fffff88000fc8000 Call 0
        Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80018457c0 Cid 0004.004c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable
            fffff802b3d84180 Gate
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15740322 Ticks: 806 (0:00:00:12.573)
        Context Switch Count 134 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!KiExecuteDpc (0xfffff802b3ae55d4)
        Stack Init fffff88000ffedd0 Current fffff88000ffe950
        Base fffff88000fff000 Limit fffff88000ff9000 Call 0
        Priority 31 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa800181c040 Cid 0004.0054 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable
            fffff880009eb180 Gate
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15740322 Ticks: 806 (0:00:00:12.573)
        Context Switch Count 135 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!KiExecuteDpc (0xfffff802b3ae55d4)
        Stack Init fffff88002f0fdd0 Current fffff88002f0f950
        Base fffff88002f10000 Limit fffff88002f0a000 Call 0
        Priority 31 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001802b00 Cid 0004.0060 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrVirtualMemory) UserMode Non-Alertable
            fffff802b3d53f80 NotificationEvent
            fffff802b3d540c0 Semaphore Limit 0x7fffffff
            fffff802b3d53f40 NotificationEvent
            fffff802b3d54020 NotificationEvent
            fffff802b3d527a0 NotificationEvent
            fffff802b3d527c0 SynchronizationEvent
            fffff802b3d53ee0 SynchronizationTimer
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15736321 Ticks: 4807 (0:00:01:14.989)
        Context Switch Count 1760 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.093
        Win32 Start Address nt!MiDereferenceSegmentThread (0xfffff802b3ac194c)
        Stack Init fffff88002f24dd0 Current fffff88002f249d0
        Base fffff88002f25000 Limit fffff88002f1f000 Call 0
        Priority 19 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80018177c0 Cid 0004.0064 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable
            fffff802b3d276a0 Gate
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15732487 Ticks: 8641 (0:00:02:14.800)
        Context Switch Count 866 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.093
        Win32 Start Address nt!MiModifiedPageWriter (0xfffff802b3baa478)
        Stack Init fffff88002f2bdd0 Current fffff88002f2ba40
        Base fffff88002f2c000 Limit fffff88002f26000 Call 0
        Priority 18 BasePriority 18 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001833040 Cid 0004.0068 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffff802b3d5ad80 SynchronizationEvent
            fffff802b3d52f60 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15741071 Ticks: 57 (0:00:00:00.889)
        Context Switch Count 3280 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.156
        Win32 Start Address nt!KeBalanceSetManager (0xfffff802b3b36620)
        Stack Init fffff88002f32dd0 Current fffff88002f329f0
        Base fffff88002f33000 Limit fffff88002f2d000 Call 0
        Priority 17 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001823040 Cid 0004.006c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable
            fffff802b3d53aa0 SynchronizationEvent
            fffff802b3d53ab8 SynchronizationEvent
            fffff802b3d53ad0 SynchronizationEvent
            fffff802b3d53ae8 SynchronizationEvent
            fffff802b3d53b00 SynchronizationEvent
            fffff802b3d53b18 SynchronizationEvent
            fffff802b3d53b30 SynchronizationEvent
            fffff802b3d53b48 SynchronizationEvent
            fffff802b3d53b60 SynchronizationEvent
            fffff802b3d53b78 SynchronizationEvent
            fffff802b3d53b90 SynchronizationEvent
            fffff802b3d53ba8 SynchronizationEvent
            fffff802b3d53bc0 SynchronizationEvent
            fffff802b3d53bd8 SynchronizationEvent
            fffff802b3d53bf0 SynchronizationEvent
            fffff802b3d53c08 SynchronizationEvent
            fffff802b3d53c20 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15741060 Ticks: 68 (0:00:00:01.060)
        Context Switch Count 16742 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!MiMappedPageWriter (0xfffff802b3b6f140)
        Stack Init fffff88002f39dd0 Current fffff88002f39970
        Base fffff88002f3a000 Limit fffff88002f34000 Call 0
        Priority 18 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001810b00 Cid 0004.0070 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffff802b3d5ad40 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15741071 Ticks: 57 (0:00:00:00.889)
        Context Switch Count 9193 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.031
        Win32 Start Address nt!KeSwapProcessOrStack (0xfffff802b3aec50c)
        Stack Init fffff88002f40dd0 Current fffff88002f40a20
        Base fffff88002f41000 Limit fffff88002f3b000 Call 0
        Priority 23 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001803040 Cid 0004.007c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable
            fffff802b3d6fd60 SynchronizationEvent
            fffff802b3d6fd80 SynchronizationEvent
            fffff802b3d6fda0 SynchronizationEvent
            fffff802b3d6fdc0 SynchronizationEvent
            fffff802b3d6fde0 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15741056 Ticks: 72 (0:00:00:01.123)
        Context Switch Count 1706 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!CcQueueLazyWriteScanThread (0xfffff802b3b893d8)
        Stack Init fffff88002f55dd0 Current fffff88002f559e0
        Base fffff88002f56000 Limit fffff88002f50000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001800040 Cid 0004.0080 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
            fffff802b3d6e020 QueueObject
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 46 Ticks: 15741082 (2:20:12:42.453)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!FsRtlWorkerThread (0xfffff802b3bc4778)
        Stack Init fffff88002f61dd0 Current fffff88002f61a20
        Base fffff88002f62000 Limit fffff88002f5c000 Call 0
        Priority 16 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa800182b800 Cid 0004.0084 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
            fffff802b3d6e060 QueueObject
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 46 Ticks: 15741082 (2:20:12:42.453)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!FsRtlWorkerThread (0xfffff802b3bc4778)
        Stack Init fffff88002f68dd0 Current fffff88002f68a20
        Base fffff88002f69000 Limit fffff88002f63000 Call 0
        Priority 17 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001825b00 Cid 0004.0088 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa8001807230 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 65 Ticks: 15741063 (2:20:12:42.156)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040)
        Stack Init fffff88002f8fdd0 Current fffff88002f8f950
        Base fffff88002f90000 Limit fffff88002f8a000 Call 0
        Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa800183a040 Cid 0004.008c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa8001818e30 SynchronizationEvent
            fffffa8001818e48 SynchronizationTimer
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15739548 Ticks: 1580 (0:00:00:24.648)
        Context Switch Count 403 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040)
        Stack Init fffff88002f96dd0 Current fffff88002f969e0
        Base fffff88002f97000 Limit fffff88002f91000 Call 0
        Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001839b00 Cid 0004.0090 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa8001802230 SynchronizationEvent
            fffffa8001802248 SynchronizationTimer
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15737922 Ticks: 3206 (0:00:00:50.013)
        Context Switch Count 207 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040)
        Stack Init fffff88002f9ddd0 Current fffff88002f9d9e0
        Base fffff88002f9e000 Limit fffff88002f98000 Call 0
        Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001903b00 Cid 0004.0094 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa8001903230 SynchronizationEvent
            fffffa8001903248 SynchronizationTimer
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15727283 Ticks: 13845 (0:00:03:35.983)
        Context Switch Count 60 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040)
        Stack Init fffff88002fa4dd0 Current fffff88002fa49e0
        Base fffff88002fa5000 Limit fffff88002f9f000 Call 0
        Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001902040 Cid 0004.0098 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa80019038f0 SynchronizationEvent
            fffffa8001903908 SynchronizationTimer
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15739331 Ticks: 1797 (0:00:00:28.033)
        Context Switch Count 119 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040)
        Stack Init fffff88002fabdd0 Current fffff88002fab9e0
        Base fffff88002fac000 Limit fffff88002fa6000 Call 0
        Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa800196fb00 Cid 0004.00a4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa8001970230 SynchronizationEvent
            fffffa8001970248 SynchronizationTimer
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15736073 Ticks: 5055 (0:00:01:18.858)
        Context Switch Count 506 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040)
        Stack Init fffff88002fc0dd0 Current fffff88002fc09e0
        Base fffff88002fc1000 Limit fffff88002fbb000 Call 0
        Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa800196d040 Cid 0004.00a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa800196e4b0 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15712882 Ticks: 28246 (0:00:07:20.640)
        Context Switch Count 130 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040)
        Stack Init fffff88002fc7dd0 Current fffff88002fc7950
        Base fffff88002fc8000 Limit fffff88002fc2000 Call 0
        Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001810040 Cid 0004.00b0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
            fffff802b3d5fec0 QueueObject
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0)
        Stack Init fffff88002fd5dd0 Current fffff88002fd5a20
        Base fffff88002fd6000 Limit fffff88002fd0000 Call 0
        Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80017ff800 Cid 0004.00b4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
            fffff802b3d5fec0 QueueObject
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0)
        Stack Init fffff88002fdcdd0 Current fffff88002fdca20
        Base fffff88002fdd000 Limit fffff88002fd7000 Call 0
        Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80017fe040 Cid 0004.00b8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
            fffff802b3d5fec0 QueueObject
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0)
        Stack Init fffff88002fe3dd0 Current fffff88002fe3a20
        Base fffff88002fe4000 Limit fffff88002fde000 Call 0
        Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80017feb00 Cid 0004.00bc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
            fffff802b3d5fec0 QueueObject
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 69 Ticks: 15741059 (2:20:12:42.094)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!IopPassiveInterruptRealtimeWorker (0xfffff802b3bc49c0)
        Stack Init fffff88002feadd0 Current fffff88002feaa20
        Base fffff88002feb000 Limit fffff88002fe5000 Call 0
        Priority 16 BasePriority 16 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001904300 Cid 0004.00c0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffff88001040bc0 NotificationEvent
            fffff88001040c00 NotificationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15740203 Ticks: 925 (0:00:00:14.430)
        Context Switch Count 2107 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.031
        Win32 Start Address ACPI!ACPIWorkerThread (0xfffff88001006874)
        Stack Init fffff88002ff1dd0 Current fffff88002ff1a00
        Base fffff88002ff2000 Limit fffff88002fec000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80019a8b00 Cid 0004.00c8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa80019a84e0 SynchronizationEvent
            fffffa80019a84f8 SynchronizationEvent
            fffffa80019a8510 SynchronizationEvent
            fffffa80019a8528 SynchronizationEvent
            fffffa80019a8540 SynchronizationEvent
            fffffa80019a8558 SynchronizationEvent
            fffffa80019a8570 SynchronizationEvent
            fffffa80019a8588 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15678945 Ticks: 62183 (0:00:16:10.061)
        Context Switch Count 22 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address pci!RootPmeEventDispatcher (0xfffff8800119ef34)
        Stack Init fffff88003019dd0 Current fffff88003019810
        Base fffff8800301a000 Limit fffff88003014000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80019a7040 Cid 0004.00cc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa8001857698 SynchronizationEvent
            fffffa8001857680 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15678905 Ticks: 62223 (0:00:16:10.685)
        Context Switch Count 2 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address ACPI!PciRootBusBiosMethodDispatcherOnResume (0xfffff8800100d654)
        Stack Init fffff88003020dd0 Current fffff88003020a00
        Base fffff88003021000 Limit fffff8800301b000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80024f7b00 Cid 0004.00d0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa8001a01770 NotificationEvent
            fffffa8001a01788 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340)
        Context Switch Count 8583 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.109
        Win32 Start Address WdFilter!MpAsyncpWorkerThread (0xfffff8800158e360)
        Stack Init fffff880030a8dd0 Current fffff880030a89d0
        Base fffff880030a9000 Limit fffff880030a3000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80024fd040 Cid 0004.00d4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffff88001ce4ba0 SynchronizationTimer
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15734738 Ticks: 6390 (0:00:01:39.684)
        Context Switch Count 6 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address ndis!ndisThreadPoolTimerHandler (0xfffff88001c843e8)
        Stack Init fffff880030d9dd0 Current fffff880030d9a40
        Base fffff880030da000 Limit fffff880030d4000 Call 0
        Priority 15 BasePriority 7 UnusualBoost 8 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80024fdb00 Cid 0004.00d8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
            fffff88001ce4b40 QueueObject
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312)
        Context Switch Count 96856 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.187
        Win32 Start Address ndis!ndisWorkerThread (0xfffff88001c74b00)
        Stack Init fffff880030e0dd0 Current fffff880030e09f0
        Base fffff880030e1000 Limit fffff880030db000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8002651b00 Cid 0004.00ec Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa80025ea1c0 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15736316 Ticks: 4812 (0:00:01:15.067)
        Context Switch Count 16 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.015
        Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090)
        Stack Init fffff88002f4edd0 Current fffff88002f4ea40
        Base fffff88002f4f000 Limit fffff88002f49000 Call 0
        Priority 20 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 3 PagePriority 5

        THREAD fffffa8002650040 Cid 0004.00f0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa80025ea1e0 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15739296 Ticks: 1832 (0:00:00:28.579)
        Context Switch Count 1317 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.078
        Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090)
        Stack Init fffff880031a9dd0 Current fffff880031a9a40
        Base fffff880031aa000 Limit fffff880031a4000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8002650b00 Cid 0004.00f4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa80025ea200 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15739296 Ticks: 1832 (0:00:00:28.579)
        Context Switch Count 2841 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.234
        Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090)
        Stack Init fffff880031b0dd0 Current fffff880031b0a40
        Base fffff880031b1000 Limit fffff880031ab000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80026505c0 Cid 0004.00f8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa80025ea220 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 704 Ticks: 15740424 (2:20:12:32.188)
        Context Switch Count 276 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.031
        Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090)
        Stack Init fffff880031b7dd0 Current fffff880031b7a40
        Base fffff880031b8000 Limit fffff880031b2000 Call 0
        Priority 20 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 3 PagePriority 5

        THREAD fffffa800264f040 Cid 0004.00fc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa80025ea240 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090)
        Stack Init fffff880031bedd0 Current fffff880031bea40
        Base fffff880031bf000 Limit fffff880031b9000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa800264fb00 Cid 0004.0100 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa80025ea260 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090)
        Stack Init fffff880031c5dd0 Current fffff880031c5a40
        Base fffff880031c6000 Limit fffff880031c0000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa800264e040 Cid 0004.0104 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa80025ea280 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090)
        Stack Init fffff880031ccdd0 Current fffff880031cca40
        Base fffff880031cd000 Limit fffff880031c7000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa800264eb00 Cid 0004.0108 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa80025ea2a0 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090)
        Stack Init fffff880031d3dd0 Current fffff880031d3a40
        Base fffff880031d4000 Limit fffff880031ce000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa800264e5c0 Cid 0004.010c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffffa80025ea2c0 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 169 Ticks: 15740959 (2:20:12:40.534)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address volsnap!VspWorkerThread (0xfffff88002192090)
        Stack Init fffff880031dadd0 Current fffff880031daa40
        Base fffff880031db000 Limit fffff880031d5000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8002c6cb00 Cid 0004.0114 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
            fffff88003574520 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 14317 Ticks: 15726811 (2:20:08:59.823)
        Context Switch Count 7 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address watchdog!SMgrGdiCalloutThread (0xfffff8800356eddc)
        Stack Init fffff880031f7dd0 Current fffff880031f7a40
        Base fffff880031f8000 Limit fffff880031f2000 Call 0
        Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8002daab00 Cid 0004.0118 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
            fffffa8002daaea8 Semaphore Limit 0x1
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15733059 Ticks: 8069 (0:00:02:05.877)
        Context Switch Count 118 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address nt!SepRmCommandServerThread (0xfffff802b3e4fd10)
        Stack Init fffff88002f6fdd0 Current fffff88002f6f270
        Base fffff88002f70000 Limit fffff88002f6a000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        Kernel stack not resident.

        THREAD fffffa8002dec080 Cid 0004.0150 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) UserMode Non-Alertable
            fffff802b3d6e560 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15740122 Ticks: 1006 (0:00:00:15.693)
        Context Switch Count 2339 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.390
        Win32 Start Address nt!CmpLazyFlushWorker (0xfffff802b3e46354)
        Stack Init fffff88003165dd0 Current fffff88003165a40
        Base fffff88003166000 Limit fffff88003160000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8002e2b300 Cid 0004.015c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
            fffff88001ce4b40 QueueObject
        Not impersonating
        DeviceMap fffff8a00000c340
        Owning Process fffffa800182e480 Image: System
        Attached Process N/A Image: N/A
        Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312)
        Context Switch Count 100462 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.218
        Win32 Start Address ndis!ndisWorkerThread (0xfffff88001c74b00)
        Stack Init fffff8800305cdd0 Current fffff8800305c9f0
        Base fffff8800305d000 Limit fffff88003057000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority
2 PagePriority 5 THREAD fffffa8002e59b00 Cid 0004.0160 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88004d58460 SynchronizationEvent fffff88004d584a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 2986 Ticks: 15738142 (2:20:11:56.588) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address raspptp!MainPassiveLevelThread (0xfffff88004d4db60) Stack Init fffff88003c06dd0 Current fffff88003c06a00 Base fffff88003c07000 Limit fffff88003c01000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80031a4b00 Cid 0004.0164 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d200 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15737833 Ticks: 3295 (0:00:00:51.402) Context Switch Count 353 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.390 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff8800307fdd0 Current fffff8800307f9d0 Base fffff88003080000 Limit fffff8800307a000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80031c7040 Cid 0004.0170 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15707887 Ticks: 33241 (0:00:08:38.562) Context Switch Count 5887 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:05.600 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88003c2fdd0 Current 
fffff88003c2f9d0 Base fffff88003c30000 Limit fffff88003c2a000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80031c7b00 Cid 0004.0174 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740197 Ticks: 931 (0:00:00:14.523) Context Switch Count 4243 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:05.319 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88003c36dd0 Current fffff88003c369d0 Base fffff88003c37000 Limit fffff88003c31000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003260040 Cid 0004.017c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800325d948 NotificationEvent fffffa800325d960 NotificationEvent fffffa800325d978 NotificationEvent fffffa800325d990 NotificationEvent fffffa800325d9a8 NotificationEvent fffffa800325d9c0 NotificationEvent fffffa800325d9d8 NotificationEvent fffffa800325d9f0 NotificationEvent fffffa800325da08 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740171 Ticks: 957 (0:00:00:14.929) Context Switch Count 243 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address bthport!HCI_ThreadFunction (0xfffff880044df418) Stack Init fffff88003071dd0 Current fffff88003071770 Base fffff88003072000 Limit fffff8800306c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800183f080 Cid 0004.01a0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8002e421e8 
SynchronizationEvent fffffa8002e42240 SynchronizationEvent fffffa8002e42298 SynchronizationEvent fffffa8002e42178 SynchronizationEvent fffffa8002e42148 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15733181 Ticks: 7947 (0:00:02:03.973) Context Switch Count 25299 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address BasicRender!WARPKMADAPTER::WarpGPUWorkerThread (0xfffff880019f2860) Stack Init fffff88003c4bdd0 Current fffff88003c4abd0 Base fffff88003c4c000 Limit fffff88003c46000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800188f080 Cid 0004.01a4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80018d8948 SynchronizationEvent fffffa80018d8910 SynchronizationEvent fffffa80018d89b8 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15734591 Ticks: 6537 (0:00:01:41.977) Context Switch Count 68404 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dxgmms1!VidSchiWorkerThread (0xfffff880035bc57c) Stack Init fffff88003c5add0 Current fffff88003c5a850 Base fffff88003c5b000 Limit fffff88003c55000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800188db00 Cid 0004.01a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Alertable fffff88003c3db28 SynchronizationEvent fffff88003c3db10 SynchronizationEvent fffff88003c3dae0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 65555 Ticks: 15675573 (2:19:55:40.506) Context Switch Count 45 IdealProcessor: 0 UserTime 
00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dxgkrnl!BLTQUEUE::BltQueueWorkerThread (0xfffff880034a21e8) Stack Init fffff88003c3ddd0 Current fffff88003c3d780 Base fffff88003c3e000 Limit fffff88003c38000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80033af900 Cid 0004.01e0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Alertable fffffa8002e8a880 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740914 Ticks: 214 (0:00:00:03.338) Context Switch Count 481 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 *** WARNING: Unable to verify timestamp for msrpc.sys *** ERROR: Module load completed but symbols could not be loaded for msrpc.sys Win32 Start Address msrpc (0xfffff88000c9cb70) Stack Init fffff88003de6dd0 Current fffff88003de6650 Base fffff88003de7000 Limit fffff88003de1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80036fb740 Cid 0004.02a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800373f0e0 NotificationEvent fffffa800373f0f8 SynchronizationEvent fffffa800373f140 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740132 Ticks: 996 (0:00:00:15.537) Context Switch Count 11275 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.187 Win32 Start Address luafv!UsnThread (0xfffff88015276f50) Stack Init fffff880150bcdd0 Current fffff880150bc8f0 Base fffff880150bd000 Limit fffff880150b7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003048980 Cid 0004.04bc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode 
Non-Alertable fffffa8003048050 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 28512 Ticks: 15712616 (2:20:05:18.380) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address HTTP!UlpThreadPoolWorker (0xfffff88015b04010) Stack Init fffff88014e92dd0 Current fffff88014e929f0 Base fffff88014e93000 Limit fffff88014e8d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003048440 Cid 0004.04c0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8003048ed0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 28702 Ticks: 15712426 (2:20:05:15.416) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address HTTP!UlpThreadPoolWorker (0xfffff88015b04010) Stack Init fffff88014e99dd0 Current fffff88014e999f0 Base fffff88014e9a000 Limit fffff88014e94000 Call 0 Priority 11 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003050b00 Cid 0004.04c4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80017f3ee0 NotificationEvent fffffa8001845760 NotificationEvent fffff88015afb780 NotificationEvent fffff88015afb7a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15730694 Ticks: 10434 (0:00:02:42.771) Context Switch Count 75 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address HTTP!UlpScavengerThread (0xfffff88015ab8c90) Stack Init fffff88014ea0dd0 Current fffff88014ea08c0 Base fffff88014ea1000 Limit fffff88014e9b000 Call 0 
Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003093b00 Cid 0004.0504 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015bc09c0 SynchronizationEvent fffff88015bc09a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15727956 Ticks: 13172 (0:00:03:25.484) Context Switch Count 65 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mpsdrv!IP6StringToAddress (0xfffff88015bb2600) Stack Init fffff88014efbdd0 Current fffff88014efb9e0 Base fffff88014efc000 Limit fffff88014ef6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80030ad080 Cid 0004.051c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80030a1230 SynchronizationEvent fffffa80030a1248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736873 Ticks: 4255 (0:00:01:06.378) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88014f1edd0 Current fffff88014f1e9e0 Base fffff88014f1f000 Limit fffff88014f19000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003b63040 Cid 0004.0560 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80019f29f8 SynchronizationEvent fffffa80019f2a10 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736919 Ticks: 4209 (0:00:01:05.660) Context Switch Count 169 IdealProcessor: 0 UserTime 
00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address Ndu!NduTokenComputeTokensWorkerRoutine (0xfffff8801534cd58) Stack Init fffff88014f87dd0 Current fffff88014f879e0 Base fffff88014f88000 Limit fffff88014f82000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003bc0700 Cid 0004.0624 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8003bf59f0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739618 Ticks: 1510 (0:00:00:23.556) Context Switch Count 199 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88015e1bdd0 Current fffff88015e1b950 Base fffff88015e1c000 Limit fffff88015e16000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003df1b00 Cid 0004.06e8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015c3b5a8 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15682200 Ticks: 58928 (0:00:15:19.282) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcBackPocketThread (0xfffff88015c51630) Stack Init fffff88015ed1dd0 Current fffff88015ed1a10 Base fffff88015ed2000 Limit fffff88015ecc000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003df15c0 Cid 0004.06ec Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015c3b580 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A 
Wait Start TickCount 15681641 Ticks: 59487 (0:00:15:28.003) Context Switch Count 9 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcBackPocketThread (0xfffff88015c51630) Stack Init fffff88015eb5dd0 Current fffff88015eb5a10 Base fffff88015eb6000 Limit fffff88015eb0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003defb00 Cid 0004.06f0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88015c3b5d0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcBackPocketThread (0xfffff88015c51630) Stack Init fffff88015ed8dd0 Current fffff88015ed8a10 Base fffff88015ed9000 Limit fffff88015ed3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003def5c0 Cid 0004.06f4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffffa8003e38168 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address srv2!SrvProcIRPThread (0xfffff88015c54a50) Stack Init fffff88015edfdd0 Current fffff88015edf9c0 Base fffff88015ee0000 Limit fffff88015eda000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003e6eb00 Cid 0004.0700 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e669a8 QueueObject Not impersonating DeviceMap fffff8a00000c340 
Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015ef4dd0 Current fffff88015ef4970 Base fffff88015ef5000 Limit fffff88015eef000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e6e5c0 Cid 0004.0704 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e66cc8 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015efbdd0 Current fffff88015efb970 Base fffff88015efc000 Limit fffff88015ef6000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e7e040 Cid 0004.0708 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e66648 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015f02dd0 Current fffff88015f02970 Base fffff88015f03000 Limit fffff88015efd000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003e7eb00 Cid 0004.070c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffff88015399c18 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 12506 Ticks: 15728622 (2:20:09:28.075) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!IopThreadStart (0xfffff802b3e178c0) Stack Init fffff88015f09dd0 Current fffff88015f09970 Base fffff88015f0a000 Limit fffff88015f04000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80040a8080 Cid 0004.0858 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d10f08 NotificationEvent fffff802b3d10ec8 NotificationEvent fffff802b3d10eb0 NotificationEvent fffff802b3d11190 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740942 Ticks: 186 (0:00:00:02.901) Context Switch Count 4821 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.546 Win32 Start Address nt!PfTLoggingWorker (0xfffff802b3f605a0) Stack Init fffff8801628cdd0 Current fffff8801628c8f0 Base fffff8801628d000 Limit fffff88016287000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003e14b00 Cid 0004.0924 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001a2e9a0 Semaphore Limit 0x4000 fffffa8001a2e9e8 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 14339 Ticks: 15726789 (2:20:08:59.480) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start 
Address igdkmd64!_KmFileIoDeferredFileProcessingThreadRoutine (0xfffff88003ecd5e0) Stack Init fffff880161e2dd0 Current fffff880161e24e0 Base fffff880161e3000 Limit fffff880161dd000 Call 0 Priority 7 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003fe9b00 Cid 0004.0928 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa80018a4a90 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15678938 Ticks: 62190 (0:00:16:10.170) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dxgkrnl!DpiPowerArbiterThread (0xfffff880034d2c6c) Stack Init fffff8801636cdd0 Current fffff8801636ca20 Base fffff8801636d000 Limit fffff88016367000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018b6b00 Cid 0004.094c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001899948 SynchronizationEvent fffffa8001899910 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 52310 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:02.152 Win32 Start Address dxgmms1!VidSchiWorkerThread (0xfffff880035bc57c) Stack Init fffff8801638fdd0 Current fffff8801638f850 Base fffff88016390000 Limit fffff8801638a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800416db00 Cid 0004.0c1c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d1b0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start 
TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 1166 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff8801722cdd0 Current fffff8801722c9d0 Base fffff8801722d000 Limit fffff88017227000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001f1eb00 Cid 0004.0fb4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736574 Ticks: 4554 (0:00:01:11.042) Context Switch Count 12894 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.358 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88014f95dd0 Current fffff88014f959d0 Base fffff88014f96000 Limit fffff88014f90000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800406ea40 Cid 0004.0f88 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d160 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741089 Ticks: 39 (0:00:00:00.608) Context Switch Count 1547 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff8801754fdd0 Current fffff8801754f9d0 Base fffff88017550000 Limit fffff8801754a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003fb7040 Cid 0004.0f8c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap 
fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15734339 Ticks: 6789 (0:00:01:45.909) Context Switch Count 18574 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:04.461 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f33dd0 Current fffff88015f339d0 Base fffff88015f34000 Limit fffff88015f2e000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e8a3c0 Cid 0004.0d54 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 1236 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:02.137 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f3add0 Current fffff88015f3a9d0 Base fffff88015f3b000 Limit fffff88015f35000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001da2380 Cid 0004.0f28 Teb: 0000000000000000 Win32Thread: 0000000000000000 READY on processor 1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 2738 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:06.427 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f41dd0 Current fffff88015f419d0 Base fffff88015f42000 Limit fffff88015f3c000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003da1b00 Cid 0004.0eb0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not 
impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741099 Ticks: 29 (0:00:00:00.452) Context Switch Count 8016 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.358 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88015f87dd0 Current fffff88015f879d0 Base fffff88015f88000 Limit fffff88015f82000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80037195c0 Cid 0004.0eb8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d110 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 724 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:02.137 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016014dd0 Current fffff880160149d0 Base fffff88016015000 Limit fffff8801600f000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002353b00 Cid 0004.0f1c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15720041 Ticks: 21087 (0:00:05:28.959) Context Switch Count 2281 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.062 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016030dd0 Current fffff880160309d0 Base fffff88016031000 Limit fffff8801602b000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002128840 Cid 0004.0ef8 Teb: 0000000000000000 Win32Thread: 
0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736573 Ticks: 4555 (0:00:01:11.058) Context Switch Count 454 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016037dd0 Current fffff880160379d0 Base fffff88016038000 Limit fffff88016032000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800236cb00 Cid 0004.0ebc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa800183bbc5 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15733088 Ticks: 8040 (0:00:02:05.424) Context Switch Count 24255 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:03.026 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88016076dd0 Current fffff880160761a0 Base fffff88016077000 Limit fffff88016071000 Call 0 Priority 12 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002376b00 Cid 0004.0d8c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015) Context Switch Count 18608 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.452 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff880160a0dd0 Current fffff880160a09d0 Base fffff880160a1000 Limit fffff8801609b000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 
IoPriority 2 PagePriority 5 THREAD fffffa8001ee6b00 Cid 0004.0f64 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15718535 Ticks: 22593 (0:00:05:52.453) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff880173e9dd0 Current fffff880173e99d0 Base fffff880173ea000 Limit fffff880173e4000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002d78500 SessionId: none Cid: 011c Peb: 7f6a68af000 ParentCid: 0004 DirBase: 06696000 ObjectTable: fffff8a000b3b840 HandleCount: Image: smss.exe VadRoot fffffa8002ccfaf0 Vads 15 Clone 0 Private 67. Modified 46. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a000b3e040 ElapsedTime 2 Days 20:12:14.852 UserTime 00:00:00.000 KernelTime 00:00:00.046 QuotaPoolUsage[PagedPool] 12368 QuotaPoolUsage[NonPagedPool] 2576 Working Set Sizes (now,min,max) (210, 50, 345) (840KB, 200KB, 1380KB) PeakWorkingSetSize 236 VirtualSize 4 Mb PeakVirtualSize 23 Mb PageFaultCount 562 MemoryPriority BACKGROUND BasePriority 11 CommitCharge 80 Setting context for this process... .process /p /r fffffa8002d78500 !peb PEB at 000007f6a68af000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6a6b40000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000cf0be31810 . 000000cf0be31810 Ldr.InLoadOrderModuleList: 000000cf0be31970 . 000000cf0be317f0 Ldr.InMemoryOrderModuleList: 000000cf0be31980 . 
000000cf0be31800 Base TimeStamp Module 7f6a6b40000 5010ac3a Jul 26 03:32:26 2012 \SystemRoot\System32\smss.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll SubSystemData: 0000000000000000 ProcessHeap: 000000cf0be30000 ProcessParameters: 000000cf0be308f0 CurrentDirectory: 'C:\WINDOWS\' WindowTitle: '< Name not readable >' ImageFile: '\SystemRoot\System32\smss.exe' CommandLine: '\SystemRoot\System32\smss.exe' DllPath: '< Name not readable >' Environment: 000000cf0be30860 Path=C:\WINDOWS\System32 SystemDrive=C: SystemRoot=C:\WINDOWS THREAD fffffa8002dd1b00 Cid 011c.0120 Teb: 000007f6a68ad000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002e6b1c0 ProcessObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d78500 Image: smss.exe Attached Process N/A Image: N/A Wait Start TickCount 4944 Ticks: 15736184 (2:20:11:26.043) Context Switch Count 548 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.436 Win32 Start Address smss!NtProcessStartupW (0x000007f6a6b5bf10) Stack Init fffff88003001dd0 Current fffff880030010f0 Base fffff88003002000 Limit fffff88002ffc000 Call 0 Priority 13 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800209c440 Cid 011c.0ff0 Teb: 000007f6a68ab000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002db4d00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d78500 Image: smss.exe Attached Process N/A Image: N/A Wait Start TickCount 65560 Ticks: 15675568 (2:19:55:40.428) Context Switch Count 30 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880165f1dd0 Current fffff880165f1760 Base fffff880165f2000 Limit fffff880165ec000 Call 0 Priority 11 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001d37700 Cid 011c.0d18 Teb: 000007f6a68a7000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002db4d00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d78500 Image: smss.exe Attached Process N/A Image: N/A Wait Start TickCount 65560 Ticks: 15675568 (2:19:55:40.428) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003035dd0 Current fffff88003035760 Base fffff88003036000 Limit fffff88003030000 Call 0 Priority 11 BasePriority 11 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8002e6b1c0 SessionId: 0 Cid: 0190 Peb: 7f7688e8000 ParentCid: 0188 DirBase: 114d5000 ObjectTable: fffff8a001c6c680 HandleCount: Image: csrss.exe VadRoot fffffa80037bb420 Vads 87 Clone 0 Private 323. Modified 348. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a001c6ca80 ElapsedTime 2 Days 20:11:51.905 UserTime 00:00:00.015 KernelTime 00:00:01.372 QuotaPoolUsage[PagedPool] 119768 QuotaPoolUsage[NonPagedPool] 11280 Working Set Sizes (now,min,max) (3840, 50, 345) (15360KB, 200KB, 1380KB) PeakWorkingSetSize 9500 VirtualSize 43 Mb PeakVirtualSize 49 Mb PageFaultCount 92593 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 349 Setting context for this process... .process /p /r fffffa8002e6b1c0 !peb PEB at 000007f7688e8000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f7697f0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000001685cd1680 . 0000001685ce1c00 Ldr.InLoadOrderModuleList: 0000001685cd17e0 . 0000001685ce1be0 Ldr.InMemoryOrderModuleList: 0000001685cd17f0 . 
0000001685ce1bf0 Base TimeStamp Module 7f7697f0000 5010ac39 Jul 26 03:32:25 2012 C:\WINDOWS\system32\csrss.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef4e80000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\system32\CSRSRV.dll 7fef4e60000 5010ac2a Jul 26 03:32:10 2012 C:\WINDOWS\system32\basesrv.DLL 7fef4e20000 505a9a3c Sep 20 05:23:24 2012 C:\WINDOWS\system32\winsrv.DLL 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\SYSTEM32\kernelbase.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\SYSTEM32\kernel32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef4e10000 5010aa9e Jul 26 03:25:34 2012 C:\WINDOWS\system32\sxssrv.DLL 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\system32\sxs.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll SubSystemData: 0000000000000000 ProcessHeap: 0000001685cd0000 ProcessParameters: 0000001685cd0d00 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: '< Name not readable >' ImageFile: 'C:\WINDOWS\system32\csrss.exe' CommandLine: '%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16' DllPath: '< Name not readable >' Environment: 0000001685cd0860 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM windir=C:\WINDOWS THREAD fffffa80032b0600 Cid 0190.01ac Teb: 000007f7688ec000 Win32Thread: fffff901006ddb90 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa80032b09a8 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a0023e4b90 : queued at port fffffa8003781330 : owned by process fffffa8003740540 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!TerminalServerRequestThread (0x000007fef4e21cb0) Stack Init fffff88003dacdd0 Current fffff88003dac660 Base fffff88003dad000 Limit fffff88003da7000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002e6a940 Cid 0190.01b0 Teb: 000007f7688ea000 Win32Thread: fffff901006c1b90 WAIT: (UserRequest) UserMode Alertable fffffa800279a6c0 SynchronizationEvent fffffa80031b6be0 SynchronizationEvent fffffa8002e4b7a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!NotificationThread (0x000007fef4e21630) Stack Init fffff88003dbadd0 Current fffff88003dba180 Base fffff88003dbb000 Limit fffff88003db5000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80019ccb00 Cid 0190.01b4 Teb: 000007f7688e6000 Win32Thread: fffff901000c4b90 WAIT: 
(WrLpcReceive) UserMode Non-Alertable fffffa80019ccea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740979 Ticks: 149 (0:00:00:02.324) Context Switch Count 1385 IdealProcessor: 0 UserTime 00:00:00.140 KernelTime 00:00:00.078 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff88003db3dd0 Current fffff88003db3750 Base fffff88003db4000 Limit fffff88003dae000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002e8cb00 Cid 0190.01b8 Teb: 000007f7688e4000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002e8cea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address CSRSRV!CsrSbApiRequestThread (0x000007fef4e83d10) Stack Init fffff88003dc1dd0 Current fffff88003dc17a0 Base fffff88003dc2000 Limit fffff88003dbc000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002ecc9c0 Cid 0190.01d8 Teb: 000007f7688ee000 Win32Thread: fffff901001a5450 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002eccd68 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740979 Ticks: 149 (0:00:00:02.324) Context Switch Count 1291 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.046 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff88003dd1dd0 Current fffff88003dd1750 Base fffff88003dd2000 Limit fffff88003dcc000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 
IoPriority 2 PagePriority 5 THREAD fffffa800368ab00 Cid 0190.0210 Teb: 000007f7687be000 Win32Thread: fffff901001a3b90 WAIT: (WrUserRequest) KernelMode Alertable fffffa800367bb50 SynchronizationEvent fffffa800367b970 NotificationTimer fffffa800367b920 SynchronizationTimer fffff802b3d20c20 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 307 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff88003deddd0 Current fffff88003ded810 Base fffff88003dee000 Limit fffff88003de8000 Call 0 Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800367fb00 Cid 0190.0214 Teb: 000007f7687bc000 Win32Thread: fffff901001a3610 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa800367b8f0 SynchronizationEvent fffffa8002eec1f0 SynchronizationEvent fffffa80036828e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 38 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff8801501bdd0 Current fffff8801501b7e0 Base fffff8801501c000 Limit fffff88015016000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003799b00 Cid 0190.02f8 Teb: 000007f7687ba000 Win32Thread: fffff901000bb580 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80037999f0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) 
Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff8801512cdd0 Current fffff8801512c750 Base fffff8801512d000 Limit fffff88015127000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001eec080 Cid 0190.0258 Teb: 000007f7687b4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dbd180 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e6b1c0 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740099 Ticks: 1029 (0:00:00:16.052) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016373dd0 Current fffff88016373760 Base fffff88016374000 Limit fffff8801636e000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002e7b940 SessionId: 0 Cid: 01c4 Peb: 7f6f01fc000 ParentCid: 0188 DirBase: 2449b000 ObjectTable: fffff8a00156ed80 HandleCount: Image: wininit.exe VadRoot fffffa8002d8f2f0 Vads 42 Clone 0 Private 175. Modified 121. Locked 2. DeviceMap fffff8a00000c340 Token fffff8a00156d610 ElapsedTime 2 Days 20:11:36.367 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 97312 QuotaPoolUsage[NonPagedPool] 8128 Working Set Sizes (now,min,max) (942, 50, 345) (3768KB, 200KB, 1380KB) PeakWorkingSetSize 1006 VirtualSize 40 Mb PeakVirtualSize 43 Mb PageFaultCount 1558 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 255 Setting context for this process... .process /p /r fffffa8002e7b940 !peb PEB at 000007f6f01fc000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6f0910000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000e716ab14b0 . 
000000e716abe230 Ldr.InLoadOrderModuleList: 000000e716ab1610 . 000000e716abe210 Ldr.InMemoryOrderModuleList: 000000e716ab1620 . 000000e716abe220 Base TimeStamp Module 7f6f0910000 50108947 Jul 26 01:03:19 2012 C:\WINDOWS\system32\wininit.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef4de0000 50108942 Jul 26 01:03:14 2012 C:\WINDOWS\SYSTEM32\wininitext.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\sspicli.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\wtsapi32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll SubSystemData: 0000000000000000 ProcessHeap: 000000e716ab0000 ProcessParameters: 000000e716ab0d00 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: '< Name not readable >' ImageFile: 'C:\WINDOWS\system32\wininit.exe' CommandLine: 'wininit.exe' DllPath: '< Name not readable >' Environment: 000000e716acc940 ALLUSERSPROFILE=C:\ProgramData CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO 
NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8002e8b5c0 Cid 01c4.01c8 Teb: 000007f6f01fe000 Win32Thread: fffff901000d4820 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003686d60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e7b940 Image: wininit.exe Attached Process N/A Image: N/A Wait Start TickCount 7115 Ticks: 15734013 (2:20:10:52.175) Context Switch Count 2948 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.358 Win32 Start Address wininit!WinMainCRTStartup (0x000007f6f0915c8c) Stack Init fffff88003c68dd0 Current fffff88003c68900 Base fffff88003c69000 Limit fffff88003c63000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80041acb00 Cid 01c4.0e20 Teb: 000007f6f01fa000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002e6bd40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002e7b940 Image: wininit.exe Attached Process N/A Image: N/A Wait Start TickCount 65543 Ticks: 15675585 (2:19:55:40.693) Context Switch Count 43 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015f6bdd0 Current fffff88015f6b760 Base fffff88015f6c000 Limit fffff88015f66000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa80033c3080 SessionId: 0 Cid: 0220 Peb: 7f75ab5d000 ParentCid: 01c4 DirBase: 2e23b000 ObjectTable: fffff8a0016a32c0 HandleCount: Image: services.exe VadRoot fffffa800373e230 Vads 66 Clone 0 Private 819. Modified 718. Locked 2. DeviceMap fffff8a00000c340 Token fffff8a0016a8060 ElapsedTime 2 Days 20:11:16.711 UserTime 00:00:00.327 KernelTime 00:00:01.326 QuotaPoolUsage[PagedPool] 93456 QuotaPoolUsage[NonPagedPool] 11424 Working Set Sizes (now,min,max) (1728, 50, 345) (6912KB, 200KB, 1380KB) PeakWorkingSetSize 2755 VirtualSize 31 Mb PeakVirtualSize 46 Mb PageFaultCount 6611 MemoryPriority BACKGROUND BasePriority 9 CommitCharge 1007 Setting context for this process... .process /p /r fffffa80033c3080 !peb PEB at 000007f75ab5d000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f75acc0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000069837d1880 . 0000006983802d00 Ldr.InLoadOrderModuleList: 00000069837d19e0 . 0000006983802ce0 Ldr.InMemoryOrderModuleList: 00000069837d19f0 . 
0000006983802cf0 Base TimeStamp Module 7f75acc0000 505ab374 Sep 20 07:11:00 2012 C:\WINDOWS\system32\services.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef4a40000 50108a5e Jul 26 01:07:58 2012 C:\WINDOWS\system32\scext.dll 7fef4920000 505a9abe Sep 20 05:25:34 2012 C:\WINDOWS\system32\UBPM.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\WINDOWS\system32\srvcli.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef48a0000 5010a9b5 Jul 26 03:21:41 2012 C:\WINDOWS\SYSTEM32\spinf.dll 7fef4160000 501088ac Jul 26 01:00:44 2012 C:\WINDOWS\SYSTEM32\scesrv.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 C:\WINDOWS\system32\AUTHZ.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\wtsapi32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll SubSystemData: 0000000000000000 ProcessHeap: 00000069837d0000 ProcessParameters: 00000069837d1030 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\services.exe' 
ImageFile: 'C:\WINDOWS\system32\services.exe' CommandLine: 'C:\WINDOWS\system32\services.exe' DllPath: '< Name not readable >' Environment: 00000069837d0860 ALLUSERSPROFILE=C:\ProgramData CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa800372cb00 Cid 0220.0278 Teb: 000007f75ab53000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e1e760 SynchronizationEvent fffffa8003715800 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15736073 Ticks: 5055 (0:00:01:18.858) Context Switch Count 681 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address UBPM!UbpmpConsumeEvents (0x000007fef493cb10) Stack Init fffff8801507ddd0 Current fffff8801507d180 Base fffff8801507e000 Limit fffff88015078000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003746640 Cid 0220.02a4 Teb: 000007f75aa2a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003743080 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 12509 Ticks: 15728619 (2:20:09:28.028) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150cadd0 Current fffff880150ca760 Base fffff880150cb000 Limit fffff880150c5000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cc5b00 Cid 0220.0ab4 Teb: 000007f75aa2e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80038142e0 NotificationEvent fffffa8002cf71c0 ProcessObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15680792 Ticks: 60336 (0:00:15:41.247) Context Switch Count 157 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f09dd0 Current fffff88014f09180 Base fffff88014f0a000 Limit fffff88014f04000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001cfdb00 Cid 0220.0284 Teb: 000007f75ab59000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800371d980 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 294 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880165c9dd0 Current fffff880165c9760 Base fffff880165ca000 Limit fffff880165c4000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002669080 Cid 0220.07cc Teb: 000007f75aa24000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800370d800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15738591 Ticks: 2537 (0:00:00:39.577) Context Switch Count 63 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017053dd0 Current fffff88017053760 Base fffff88017054000 Limit fffff8801704e000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002664b00 Cid 0220.097c Teb: 000007f75ab5e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800371d980 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 53 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164e9dd0 Current fffff880164e9760 Base fffff880164ea000 Limit fffff880164e4000 Call 0 Priority 11 BasePriority 9 
UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d2c700 Cid 0220.0ca4 Teb: 000007f75ab5b000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800371d980 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15733062 Ticks: 8066 (0:00:02:05.830) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164f2dd0 Current fffff880164f2760 Base fffff880164f3000 Limit fffff880164ed000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80018f5b00 Cid 0220.05f0 Teb: 000007f75aa28000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800370d800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80033c3080 Image: services.exe Attached Process N/A Image: N/A Wait Start TickCount 15736073 Ticks: 5055 (0:00:01:18.858) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164e1dd0 Current fffff880164e1760 Base fffff880164e2000 Limit fffff880164dc000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003694940 SessionId: 0 Cid: 0228 Peb: 7f6f354f000 ParentCid: 01c4 DirBase: 2e64e000 ObjectTable: fffff8a0016aca40 HandleCount: Image: lsass.exe VadRoot fffffa800365b990 Vads 109 Clone 0 Private 892. Modified 1044. Locked 2. 
DeviceMap fffff8a00000c340 Token fffff8a0016c6860 ElapsedTime 2 Days 20:11:15.588 UserTime 00:00:00.546 KernelTime 00:00:01.372 QuotaPoolUsage[PagedPool] 100688 QuotaPoolUsage[NonPagedPool] 24352 Working Set Sizes (now,min,max) (2680, 50, 345) (10720KB, 200KB, 1380KB) PeakWorkingSetSize 2731 VirtualSize 36 Mb PeakVirtualSize 38 Mb PageFaultCount 5181 MemoryPriority BACKGROUND BasePriority 9 CommitCharge 1107 Setting context for this process... .process /p /r fffffa8003694940 !peb PEB at 000007f6f354f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6f3890000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000002279a01870 . 0000002279a45ce0 Ldr.InLoadOrderModuleList: 0000002279a019d0 . 0000002279a45cc0 Ldr.InMemoryOrderModuleList: 0000002279a019e0 . 0000002279a45cd0 Base TimeStamp Module 7f6f3890000 505a9bdf Sep 20 05:30:23 2012 C:\WINDOWS\system32\lsass.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4b90000 505ab35e Sep 20 07:10:38 2012 C:\WINDOWS\system32\SspiSrv.dll 7fef4a50000 5010890e Jul 26 01:02:22 2012 C:\WINDOWS\system32\lsasrv.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef4980000 50108928 Jul 26 01:02:48 2012 C:\WINDOWS\SYSTEM32\samsrv.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\system32\ncrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\system32\NTASN1.dll 7fef4820000 
5010acc1 Jul 26 03:34:41 2012 C:\WINDOWS\system32\msprivs.DLL 7fef47e0000 50108985 Jul 26 01:04:21 2012 C:\WINDOWS\SYSTEM32\netjoin.dll 7fef47b0000 50108948 Jul 26 01:03:20 2012 C:\WINDOWS\system32\negoexts.DLL 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4790000 50108a04 Jul 26 01:06:28 2012 C:\WINDOWS\system32\cryptdll.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef46c0000 501088fe Jul 26 01:02:06 2012 C:\WINDOWS\system32\kerberos.DLL 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef45e0000 5010893a Jul 26 01:03:06 2012 C:\WINDOWS\system32\msv1_0.DLL 7fef4520000 50108926 Jul 26 01:02:46 2012 C:\WINDOWS\system32\netlogon.DLL 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\system32\DNSAPI.dll 7fef4440000 50108a08 Jul 26 01:06:32 2012 C:\WINDOWS\system32\logoncli.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\USERENV.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4370000 50108a46 Jul 26 01:07:34 2012 C:\WINDOWS\system32\wdigest.DLL 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef4300000 5010895c Jul 26 01:03:40 2012 C:\WINDOWS\system32\tspkg.DLL 7fef42b0000 50108915 Jul 26 01:02:29 2012 C:\WINDOWS\system32\pku2u.DLL 7fef4260000 501088fe Jul 26 01:02:06 2012 C:\WINDOWS\system32\livessp.DLL 7fef4240000 5010a978 Jul 26 03:20:40 2012 C:\WINDOWS\system32\efslsaext.dll 
7fef4210000 5010870d Jul 26 00:53:49 2012 C:\WINDOWS\system32\dpapisrv.dll 7fef41d0000 501088ba Jul 26 01:00:58 2012 C:\WINDOWS\system32\scecli.DLL 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\netutils.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\SYSTEM32\winsta.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 C:\WINDOWS\SYSTEM32\wevtapi.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7feeb050000 50108a8f Jul 26 01:08:47 2012 C:\WINDOWS\system32\ncryptprov.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7feeb010000 50108abe Jul 26 01:09:34 2012 C:\WINDOWS\system32\dssenh.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\system32\DPAPI.dll 7feea850000 501088a9 Jul 26 01:00:41 2012 C:\WINDOWS\system32\keyiso.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 C:\WINDOWS\system32\AUTHZ.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL 7fee6d90000 5010a4fc Jul 26 03:01:32 2012 C:\WINDOWS\system32\certpoleng.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\system32\wkscli.dll 7fee90e0000 501085c0 Jul 26 00:48:16 2012 C:\Windows\System32\vaultsvc.dll SubSystemData: 0000000000000000 ProcessHeap: 0000002279a00000 ProcessParameters: 0000002279a01030 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\lsass.exe' ImageFile: 'C:\WINDOWS\system32\lsass.exe' CommandLine: 'C:\WINDOWS\system32\lsass.exe' DllPath: '< Name not readable >' Environment: 0000002279a00860 ALLUSERSPROFILE=C:\ProgramData CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\System32 
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8003672080 Cid 0228.0230 Teb: 000007f6f354b000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8003672428 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15680668 Ticks: 60460 (0:00:15:43.182) Context Switch Count 102 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address lsass!LsapRmServerThread (0x000007f6f3891040) Stack Init fffff88015029dd0 Current fffff880150297a0 Base fffff8801502a000 Limit fffff88015024000 Call 0 Priority 10 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa800369cb00 Cid 0228.0234 Teb: 000007f6f3549000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800368c4c0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15692050 Ticks: 49078 (0:00:12:45.621) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address lsasrv!ServiceDispatcherThread (0x000007fef4aa3990) Stack Init fffff8801504cdd0 Current fffff8801504c900 Base fffff8801504d000 Limit fffff88015047000 Call 0 Priority 10 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80036f4700 Cid 0228.023c Teb: 000007f6f3545000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15731618 Ticks: 9510 (0:00:02:28.356) Context Switch Count 25 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801505add0 Current fffff8801505a760 Base fffff8801505b000 Limit fffff88015055000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001f8a080 Cid 0228.0be4 Teb: 000007f6f354d000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject IRP List: fffffa800274cc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15739847 Ticks: 1281 (0:00:00:19.983) Context Switch Count 4108 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.218 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801708bdd0 Current fffff8801708b760 Base fffff8801708c000 Limit fffff88017086000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001fa3080 Cid 0228.0c94 Teb: 000007f6f3547000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject IRP List: fffffa800404d990: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 4649 IdealProcessor: 0 UserTime 00:00:00.124 KernelTime 00:00:00.124 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e68dd0 Current fffff88014e68760 Base fffff88014e69000 Limit fffff88014e63000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001cc6080 Cid 0228.0b64 Teb: 000007f6f341e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15739107 Ticks: 2021 (0:00:00:31.527) Context Switch Count 650 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014edfdd0 Current fffff88014edf760 Base fffff88014ee0000 Limit fffff88014eda000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d4fb00 Cid 0228.0b8c Teb: 000007f6f341c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800364e880 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003694940 Image: lsass.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017092dd0 Current fffff88017092760 Base fffff88017093000 Limit fffff8801708d000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8003740540 SessionId: 0 Cid: 0288 Peb: 7f6fb59b000 ParentCid: 0220 DirBase: 30729000 ObjectTable: fffff8a0023607c0 HandleCount: Image: svchost.exe VadRoot fffffa800371ad60 Vads 95 Clone 0 Private 474. Modified 263. Locked 0. 
DeviceMap fffff8a00000c340 Token fffff8a0023a0060 ElapsedTime 2 Days 20:10:57.445 UserTime 00:00:00.140 KernelTime 00:00:00.296 QuotaPoolUsage[PagedPool] 119744 QuotaPoolUsage[NonPagedPool] 13600 Working Set Sizes (now,min,max) (2130, 50, 345) (8520KB, 200KB, 1380KB) PeakWorkingSetSize 2168 VirtualSize 38 Mb PeakVirtualSize 59 Mb PageFaultCount 3201 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 702 Setting context for this process... .process /p /r fffffa8003740540 !peb PEB at 000007f6fb59b000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000f7c7e11990 . 000000f7c7e8c9a0 Ldr.InLoadOrderModuleList: 000000f7c7e11af0 . 000000f7c7e8c980 Ldr.InMemoryOrderModuleList: 000000f7c7e11b00 . 000000f7c7e8c990 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef40e0000 505ab1e3 Sep 20 07:04:19 2012 c:\windows\system32\umpnpmgr.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef40c0000 501089e6 Jul 26 01:05:58 2012 c:\windows\system32\DEVRTL.dll 7fef40a0000 505a9b46 Sep 20 05:27:50 2012 c:\windows\system32\umpo.dll 7fef4090000 50108607 Jul 26 00:49:27 2012 C:\WINDOWS\SYSTEM32\umpoext.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4080000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\system32\pcwum.dll 7fef4070000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\HID.DLL 7fef4050000 
5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef3f80000 501086f9 Jul 26 00:53:29 2012 c:\windows\system32\rpcss.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7fef3f00000 505a9858 Sep 20 05:15:20 2012 c:\windows\system32\bisrv.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef3ee0000 505a9ae9 Sep 20 05:26:17 2012 c:\windows\system32\psmsrv.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 c:\windows\system32\WINSTA.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef3e70000 50108406 Jul 26 00:40:54 2012 c:\windows\system32\lsm.dll 7fef3da0000 501089ef Jul 26 01:06:07 2012 c:\windows\system32\SYSNTFY.dll 7fef3d90000 5010a98e Jul 26 03:21:02 2012 c:\windows\system32\WMsgAPI.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\Userenv.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\wtsapi32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\Bcrypt.dll SubSystemData: 0000000000000000 ProcessHeap: 000000f7c7e10000 ProcessParameters: 000000f7c7e11170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 
'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k DcomLaunch' DllPath: '< Name not readable >' Environment: 000000f7c7e10860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa800373db00 Cid 0288.028c Teb: 000007f6fb59e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800373eb60 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680787 Ticks: 60341 (0:00:15:41.325) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880150a7dd0 Current fffff880150a7900 Base fffff880150a8000 Limit fffff880150a2000 Call 0 Priority 9 BasePriority 8 
UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800373b8c0 Cid 0288.0290 Teb: 000007f6fb59c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003784180 SynchronizationEvent fffffa80037795d0 SynchronizationEvent fffffa8003779bc0 SynchronizationEvent fffffa8003780940 SynchronizationEvent fffffa800325fd00 SynchronizationEvent fffffa8003779750 SynchronizationEvent fffffa80037796d0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 65556 Ticks: 15675572 (2:19:55:40.490) Context Switch Count 59 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150aedd0 Current fffff880150ae180 Base fffff880150af000 Limit fffff880150a9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800375e8c0 Cid 0288.02c4 Teb: 000007f6fb593000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003762540 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 7531 Ticks: 15733597 (2:20:10:45.686) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150fbdd0 Current fffff880150fb760 Base fffff880150fc000 Limit fffff880150f6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa800375d940 Cid 0288.02cc Teb: 000007f6fb597000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037593c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 20982 Ticks: 15720146 (2:20:07:15.849) Context Switch Count 112 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150d1dd0 Current fffff880150d1760 Base fffff880150d2000 Limit fffff880150cc000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003719b00 Cid 0288.019c Teb: 000007f6fb466000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800373ea80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738529 Ticks: 2599 (0:00:00:40.544) Context Switch Count 1059 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016454dd0 Current fffff88016454760 Base fffff88016455000 Limit fffff8801644f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80020bc940 Cid 0288.0048 Teb: 000007f6fb595000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800373ea80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738529 Ticks: 2599 (0:00:00:40.544) Context Switch Count 1060 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801644ddd0 Current fffff8801644d760 Base fffff8801644e000 Limit fffff88016448000 Call 0 
Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001ec1b00 Cid 0288.0f04 Teb: 000007f6fb599000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800373ea80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740464 Ticks: 664 (0:00:00:10.358) Context Switch Count 230 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880151e2dd0 Current fffff880151e2760 Base fffff880151e3000 Limit fffff880151dd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001dfc900 Cid 0288.0d40 Teb: 000007f6fb464000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003fe3c80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15735451 Ticks: 5677 (0:00:01:28.561) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017492dd0 Current fffff88017492760 Base fffff88017493000 Limit fffff8801748d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002d47080 Cid 0288.0f9c Teb: 000007f6fb462000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa800388f1f0 SynchronizationEvent fffffa8003dc6060 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003740540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739363 Ticks: 1765 (0:00:00:27.534) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880174a0dd0 Current fffff880174a0180 Base fffff880174a1000 Limit fffff8801749b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003763540 SessionId: 0 Cid: 02b0 Peb: 7f6fab93000 ParentCid: 0220 DirBase: 30d47000 ObjectTable: fffff8a0023d3940 HandleCount: Image: svchost.exe VadRoot fffffa800374bc20 Vads 60 Clone 0 Private 751. Modified 34. Locked 2. DeviceMap fffff8a0007b8aa0 Token fffff8a0023d4060 ElapsedTime 2 Days 20:10:56.291 UserTime 00:00:00.592 KernelTime 00:00:00.483 QuotaPoolUsage[PagedPool] 70192 QuotaPoolUsage[NonPagedPool] 13744 Working Set Sizes (now,min,max) (1623, 50, 345) (6492KB, 200KB, 1380KB) PeakWorkingSetSize 1647 VirtualSize 26 Mb PeakVirtualSize 29 Mb PageFaultCount 2571 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 903 Setting context for this process... .process /p /r fffffa8003763540 !peb PEB at 000007f6fab93000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000d34b6c1a10 . 000000d34b7010a0 Ldr.InLoadOrderModuleList: 000000d34b6c1b70 . 000000d34b701080 Ldr.InMemoryOrderModuleList: 000000d34b6c1b80 . 
000000d34b701090 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef3f60000 505a9b93 Sep 20 05:29:07 2012 c:\windows\system32\rpcepmap.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\sspicli.dll 7fef3f40000 50108997 Jul 26 01:04:39 2012 C:\WINDOWS\system32\RpcRtRemote.dll 7fef3f80000 501086f9 Jul 26 00:53:29 2012 c:\windows\system32\rpcss.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\system32\FirewallAPI.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\system32\fwpuclnt.dll SubSystemData: 0000000000000000 ProcessHeap: 000000d34b6c0000 ProcessParameters: 000000d34b6c11f0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 
'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k RPCSS' DllPath: '< Name not readable >' Environment: 000000d34b6c0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\NetworkService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\Windows\ServiceProfiles\NetworkService windir=C:\WINDOWS THREAD fffffa8003756080 Cid 02b0.02b4 Teb: 000007f6fab9e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80033d3300 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679237 Ticks: 61891 (0:00:16:05.505) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880150d8dd0 Current fffff880150d8900 Base 
fffff880150d9000 Limit fffff880150d3000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800375cb00 Cid 02b0.02d0 Teb: 000007f6fab98000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800375c060 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738870 Ticks: 2258 (0:00:00:35.225) Context Switch Count 182 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880150eddd0 Current fffff880150ed0f0 Base fffff880150ee000 Limit fffff880150e8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80033d2b00 Cid 02b0.02d4 Teb: 000007f6fab96000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800376a080 QueueObject IRP List: fffffa80031cbe10: (0006,01f0) Flags: 00060030 Mdl: 00000000 fffffa8002e7d4f0: (0006,01f0) Flags: 00060030 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679451 Ticks: 61677 (0:00:16:02.167) Context Switch Count 102 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015102dd0 Current fffff88015102760 Base fffff88015103000 Limit fffff880150fd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003f5b080 Cid 02b0.0904 Teb: 000007f6faa66000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800375c300 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736696 Ticks: 4432 (0:00:01:09.139) Context Switch Count 99 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address rpcss!ObjectExporterTaskThread (0x000007fef3f85570) Stack Init fffff880170cadd0 Current fffff880170ca0f0 Base fffff880170cb000 Limit fffff880170c5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80021b0080 Cid 02b0.0784 Teb: 000007f6faa6a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800375c300 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728874 Ticks: 12254 (0:00:03:11.163) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address rpcss!ObjectExporterTaskThread (0x000007fef3f85570) Stack Init fffff8801723add0 Current fffff8801723a0f0 Base fffff8801723b000 Limit fffff88017235000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003797b00 Cid 02b0.0abc Teb: 000007f6fab94000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003756d80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736683 Ticks: 4445 (0:00:01:09.342) Context Switch Count 338 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017172dd0 Current fffff88017172760 Base fffff88017173000 Limit fffff8801716d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001fc54c0 Cid 02b0.0db0 Teb: 000007f6faa6e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003756d80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740965 Ticks: 163 (0:00:00:02.542) Context Switch Count 892 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174dddd0 Current fffff880174dd760 Base fffff880174de000 Limit fffff880174d8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003757080 Cid 02b0.0f24 Teb: 000007f6fab9a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003756d80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8003763540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 103 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017456dd0 Current fffff88017456760 Base fffff88017457000 Limit fffff88017451000 Call 0 Priority 8 BasePriority 8 
UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa800379c940 SessionId: 0 Cid: 02f0 Peb: 7f6faabb000 ParentCid: 0220 DirBase: 31659000 ObjectTable: fffff8a00248d1c0 HandleCount: Image: svchost.exe VadRoot fffffa8003792180 Vads 191 Clone 0 Private 2678. Modified 1152. Locked 4. DeviceMap fffff8a002487200 Token fffff8a002492060 ElapsedTime 2 Days 20:10:54.122 UserTime 00:00:00.655 KernelTime 00:00:01.170 QuotaPoolUsage[PagedPool] 182960 QuotaPoolUsage[NonPagedPool] 32064 Working Set Sizes (now,min,max) (5727, 50, 345) (22908KB, 200KB, 1380KB) PeakWorkingSetSize 6197 VirtualSize 103 Mb PeakVirtualSize 119 Mb PageFaultCount 11110 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 4051 Setting context for this process... .process /p /r fffffa800379c940 !peb PEB at 000007f6faabb000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000004033ba1a50 . 00000040360e9010 Ldr.InLoadOrderModuleList: 0000004033ba1bb0 . 00000040360e8ff0 Ldr.InMemoryOrderModuleList: 0000004033ba1bc0 . 
00000040360e9000 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\System32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef3ac0000 501086f4 Jul 26 00:53:24 2012 c:\windows\system32\wevtsvc.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\sspicli.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef0fa0000 505a9609 Sep 20 05:05:29 2012 c:\windows\system32\audiosrv.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef4070000 50108a1d Jul 26 01:06:53 2012 c:\windows\system32\HID.DLL 7fef25f0000 505a994b Sep 20 05:19:23 2012 c:\windows\system32\MMDevAPI.DLL 7fef2e30000 505ab36d Sep 20 07:10:53 2012 c:\windows\system32\AVRT.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef5620000 501081c1 Jul 26 00:31:13 
2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\SYSTEM32\winsta.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\wtsapi32.dll 7fef0bc0000 5010abc2 Jul 26 03:30:26 2012 c:\windows\system32\lmhsvc.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 c:\windows\system32\IPHLPAPI.DLL 7fef0b70000 50108a01 Jul 26 01:06:25 2012 c:\windows\system32\nrpsrv.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 c:\windows\system32\WINNSI.DLL 7fef0ad0000 50108709 Jul 26 00:53:45 2012 c:\windows\system32\wcmsvc.dll 7fef37a0000 505a9a6a Sep 20 05:24:10 2012 c:\windows\system32\nlaapi.dll 7fef08b0000 505a9b92 Sep 20 05:29:06 2012 c:\windows\system32\dhcpcore.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 c:\windows\system32\DNSAPI.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\System32\firewallapi.dll 7fef07f0000 505a9ba2 Sep 20 05:29:22 2012 C:\WINDOWS\System32\dhcpcore6.dll 7fef07d0000 50108588 Jul 26 00:47:20 2012 C:\WINDOWS\System32\wcmcsp.dll 7fef07c0000 50108af1 Jul 26 01:10:25 2012 C:\WINDOWS\System32\WMICLNT.dll 7fef46c0000 501088fe Jul 26 01:02:06 2012 C:\WINDOWS\system32\kerberos.DLL 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef4790000 50108a04 Jul 26 01:06:28 2012 C:\WINDOWS\System32\cryptdll.dll 7fef03b0000 5063dc6b Sep 27 05:56:11 2012 C:\WINDOWS\System32\Wlanapi.dll 7fef03a0000 5063f85e Sep 27 07:55:26 2012 C:\WINDOWS\System32\Wlanhlp.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\System32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef0050000 501088cd Jul 26 01:01:17 2012 C:\WINDOWS\System32\SubscriptionMgr.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 C:\WINDOWS\System32\wevtapi.dll 7feef950000 501089d7 Jul 26 01:05:43 2012 C:\WINDOWS\System32\wcmapi.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\System32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\System32\dhcpcsvc.DLL 7feec0d0000 5010804c Jul 26 
00:25:00 2012 c:\windows\system32\provsvc.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7feec260000 5010879e Jul 26 00:56:14 2012 C:\Windows\System32\FunDisc.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\XmlLite.dll 7fef1f70000 501082e8 Jul 26 00:36:08 2012 C:\WINDOWS\System32\P2P.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7feed310000 501088aa Jul 26 01:00:42 2012 C:\Windows\System32\fdproxy.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\propsys.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7feec290000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\system32\pnrpnsp.dll 7feec140000 501087d9 Jul 26 00:57:13 2012 C:\WINDOWS\system32\wbem\wbemprox.dll 7feeeae0000 5010880b Jul 26 00:58:03 2012 C:\WINDOWS\SYSTEM32\wbemcomn.dll 7fef1f50000 501089e9 Jul 26 01:06:01 2012 C:\WINDOWS\system32\wbem\wbemsvc.dll 7feebc60000 501087eb Jul 26 00:57:31 2012 C:\WINDOWS\system32\wbem\fastprox.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\System32\wkscli.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\System32\netutils.dll 7fef0f70000 50108147 Jul 26 00:29:11 2012 C:\WINDOWS\System32\shacct.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\System32\SAMLIB.dll 7feea8a0000 50108740 Jul 26 00:54:40 2012 C:\WINDOWS\System32\IDStore.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\System32\DPAPI.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\USERENV.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\System32\profapi.dll 7feecb60000 501081ca Jul 26 00:31:22 2012 c:\windows\system32\wscsvc.dll 7fef31b0000 50108834 Jul 26 00:58:44 2012 c:\windows\system32\dbghelp.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\SYSTEM32\ole32.dll 7feef4d0000 501086ae 
Jul 26 00:52:14 2012 C:\WINDOWS\System32\WINHTTP.dll 7feeca40000 505a933a Sep 20 04:53:30 2012 C:\Windows\System32\wuapi.dll 7feec170000 501089f6 Jul 26 01:06:14 2012 C:\Windows\System32\Cabinet.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\Windows\System32\VERSION.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\shell32.dll 7feed210000 50108822 Jul 26 00:58:26 2012 C:\WINDOWS\system32\wshbth.dll 7feec2b0000 5010a97e Jul 26 03:20:46 2012 C:\WINDOWS\System32\winrnr.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7feec0b0000 5010a94b Jul 26 03:19:55 2012 C:\WINDOWS\system32\napinsp.dll SubSystemData: 0000000000000000 ProcessHeap: 0000004033ba0000 ProcessParameters: 0000004033ba1200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\System32\svchost.exe' ImageFile: 'C:\WINDOWS\System32\svchost.exe' CommandLine: 'C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted' DllPath: '< Name not readable >' Environment: 0000004033ba0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b 
ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa800379a700 Cid 02f0.02f4 Teb: 000007f6faabe000 Win32Thread: fffff901000bb010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003795770 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 125 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88015117dd0 Current fffff88015117900 Base fffff88015118000 Limit fffff88015112000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80037b2b00 Cid 02f0.0308 Teb: 000007f6faab5000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800379b750 SynchronizationEvent fffffa80037b2680 SynchronizationEvent fffffa800376f1b0 SynchronizationEvent fffffa800379b4b0 SynchronizationTimer fffffa800379b850 SynchronizationTimer fffffa80037b2600 SynchronizationEvent fffffa800379b7d0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679108 Ticks: 62020 (0:00:16:07.518) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wevtsvc!WriteQueuedEvents (0x000007fef3b0bf50) Stack Init fffff8801514fdd0 Current fffff8801514f180 Base fffff88015150000 Limit fffff8801514a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038cc080 Cid 02f0.02c0 Teb: 000007f6faab7000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80038d49c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15719569 Ticks: 21559 (0:00:05:36.322) Context Switch Count 309 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address audiosrv!EventWorkerThread (0x000007fef0fa1330) Stack Init fffff880154d3dd0 Current fffff880154d37a0 Base fffff880154d4000 Limit fffff880154ce000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80038af8c0 Cid 02f0.02dc Teb: 000007f6fa986000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038ac380 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679441 Ticks: 61687 (0:00:16:02.323) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015504dd0 Current fffff88015504760 Base fffff88015505000 Limit fffff880154ff000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003934a80 Cid 02f0.038c Teb: 000007f6fa980000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039243e0 NotificationEvent fffffa8003912880 SynchronizationEvent fffffa8003946ae0 NotificationEvent fffffa8003939d80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 86 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015519dd0 Current fffff88015519180 Base fffff8801551a000 Limit fffff88015514000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003937100 Cid 02f0.03d0 Teb: 000007f6fa97c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80039243e0 NotificationEvent fffffa8003937b80 SynchronizationEvent fffffa80032b4ac0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15734019 Ticks: 7109 (0:00:01:50.901) Context Switch Count 131 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dhcpcore6!Dhcpv6Main (0x000007fef07fc110) Stack Init fffff88015557dd0 Current fffff88015557180 Base fffff88015558000 Limit fffff88015552000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039576c0 Cid 02f0.0194 Teb: 000007f6fa97a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa800393e750 NotificationEvent fffffa80039574a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11103 Ticks: 15730025 (2:20:09:49.962) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wcmsvc!CdeNotificationListenerThread (0x000007fef0ad97dc) Stack Init fffff880154b0dd0 Current fffff880154b0180 Base fffff880154b1000 Limit fffff880154ab000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa800397f080 Cid 02f0.0404 Teb: 000007f6fa978000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa800392fa80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 188 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address Wlanapi!NotificationApcThreadProc (0x000007fef03bba00) Stack Init fffff8801559ddd0 Current fffff8801559d900 Base fffff8801559e000 Limit fffff88015598000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800397f700 Cid 02f0.0408 Teb: 000007f6fa976000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003938f90 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9576 Ticks: 15731552 (2:20:10:13.784) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wcmcsp!DisconnectCallback (0x000007fef07dc138) Stack Init fffff88015596dd0 Current fffff88015596900 Base fffff88015597000 Limit fffff88015591000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003f84b00 Cid 02f0.07c8 Teb: 000007f6fa968000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003d83b50 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13655 Ticks: 15727473 (2:20:09:10.151) Context Switch Count 42 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880160cadd0 Current fffff880160ca900 Base fffff880160cb000 Limit fffff880160c5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800279d800 Cid 02f0.0b80 Teb: 000007f6fa96e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002778930 NotificationEvent fffffa8003ee48f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681386 Ticks: 59742 (0:00:15:31.981) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88015110dd0 Current fffff88015110180 Base fffff88015111000 Limit fffff8801510b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80037fa080 Cid 02f0.09ec Teb: 000007f6fa98c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002da9c70 SynchronizationEvent fffffa80036d3c70 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737922 Ticks: 3206 (0:00:00:50.013) Context Switch Count 364 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.031 Win32 Start Address wevtsvc!ProcessEventsThread (0x000007fef3b1d5ac) Stack Init fffff88015195dd0 Current fffff88015195180 Base fffff88015196000 Limit fffff88015190000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003988700 Cid 02f0.0738 Teb: 000007f6fa98a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80026241c0 SynchronizationEvent fffffa80018f7460 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727283 Ticks: 13845 (0:00:03:35.983) Context Switch Count 36 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wevtsvc!ProcessEventsThread (0x000007fef3b1d5ac) Stack Init fffff880151a3dd0 Current fffff880151a3180 Base fffff880151a4000 Limit fffff8801519e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003f11080 Cid 02f0.0724 Teb: 000007f6fa98e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e05590 SynchronizationEvent fffffa8003dda840 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739381 Ticks: 1747 (0:00:00:27.253) Context Switch Count 96 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address wevtsvc!ProcessEventsThread (0x000007fef3b1d5ac) Stack Init fffff88015172dd0 Current fffff88015172180 Base fffff88015173000 Limit fffff8801516d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80039da080 Cid 02f0.09cc Teb: 000007f6fa96c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800339a7f0 SynchronizationEvent fffffa80030abac0 SynchronizationTimer fffffa80040b2f50 SynchronizationEvent fffffa800362da30 SynchronizationEvent fffffa8003e2d320 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679442 Ticks: 61686 (0:00:16:02.307) Context Switch Count 257 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wscsvc!CThirdPartyMonitoring::MonitoringThreadProcEntry (0x000007feecb6d438) Stack Init fffff88016470dd0 Current fffff88016470180 Base fffff88016471000 Limit fffff8801646b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003be9740 Cid 02f0.07f8 Teb: 000007f6fa96a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003e2b900 NotificationEvent fffffa8003f1c4d0 SynchronizationEvent fffffa80038f4cc0 SynchronizationEvent fffffa800265a460 SynchronizationEvent fffffa8003f336c0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733531 Ticks: 7597 (0:00:01:58.513) Context Switch Count 121 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address wscsvc!SystemMonitoringThreadProc (0x000007feecb64140) Stack Init fffff88014fb1dd0 Current fffff88014fb1180 Base fffff88014fb2000 Limit fffff88014fac000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038cdb00 Cid 02f0.0d94 Teb: 000007f6fa95e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject IRP List: fffffa8001ff9a60: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738520 Ticks: 2608 (0:00:00:40.685) Context Switch Count 2627 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016493dd0 Current fffff88016493760 Base fffff88016494000 Limit fffff8801648e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001c63080 Cid 02f0.0374 Teb: 000007f6fa97e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393e2a0 SynchronizationEvent fffffa800393dd00 SynchronizationEvent IRP List: fffffa8002e95b50: (0006,0118) Flags: 00060000 Mdl: fffffa8002770f40 Not impersonating DeviceMap fffff8a002487200 Owning Process 
fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679156 Ticks: 61972 (0:00:16:06.769) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015542dd0 Current fffff88015542180 Base fffff88015543000 Limit fffff8801553d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800393cb00 Cid 02f0.0c64 Teb: 000007f6fa988000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393dc80 SynchronizationEvent fffffa800393dc00 SynchronizationEvent IRP List: fffffa8001e94790: (0006,0118) Flags: 00060000 Mdl: fffffa8001805f40 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679156 Ticks: 61972 (0:00:16:06.769) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address lmhsvc!CheckIPAddrWorkerRtn (0x000007fef0bc1544) Stack Init fffff88015463dd0 Current fffff88015463180 Base fffff88015464000 Limit fffff8801545e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003f00840 Cid 02f0.0954 Teb: 000007f6fa972000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80019f46e0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680337 Ticks: 60791 (0:00:15:48.345) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address FunDisc!CNotificationQueue::ThreadProc (0x000007feec2654c0) Stack Init fffff880170d1dd0 Current fffff880170d1900 Base fffff880170d2000 Limit fffff880170cc000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002198080 Cid 02f0.0830 Teb: 000007f6faab9000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738520 Ticks: 2608 (0:00:00:40.685) Context Switch Count 281 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150b5dd0 Current fffff880150b5760 Base fffff880150b6000 Limit fffff880150b0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d4c700 Cid 02f0.02e8 Teb: 000007f6faabc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740464 Ticks: 664 (0:00:00:10.358) Context Switch Count 127 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017476dd0 Current fffff88017476760 Base fffff88017477000 
Limit fffff88017471000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002e5c080 Cid 02f0.0cf4 Teb: 000007f6fa982000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037903c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 102 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162c4dd0 Current fffff880162c4760 Base fffff880162c5000 Limit fffff880162bf000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003ed49c0 Cid 02f0.0974 Teb: 000007f6fa970000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002cbe6c0 NotificationEvent fffffa8001eb5e80 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738061 Ticks: 3067 (0:00:00:47.845) Context Switch Count 125 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address dhcpcore6!Dhcpv6RenewThread (0x000007fef07f26cc) Stack Init fffff880165bbdd0 Current fffff880165bb180 Base fffff880165bc000 Limit fffff880165b6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80020eb080 Cid 02f0.0134 Teb: 000007f6fa966000 Win32Thread: 0000000000000000 WAIT: (WrAlertByThreadId) UserMode Non-Alertable 0000004034dad9c0 Unknown Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800379c940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737866 Ticks: 3262 (0:00:00:50.887) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 
dhcpcore6!Dhcpv6FirewallExemptionThreadProc (0x000007fef07f1044) Stack Init fffff8801714fdd0 Current fffff8801714f970 Base fffff88017150000 Limit fffff8801714a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa80037ae940 SessionId: 0 Cid: 0314 Peb: 7f6fa949000 ParentCid: 0220 DirBase: 319e5000 ObjectTable: fffff8a0024fcf00 HandleCount: Image: svchost.exe VadRoot fffffa8003befd40 Vads 657 Clone 0 Private 6019. Modified 39442. Locked 69. DeviceMap fffff8a00000c340 Token fffff8a0024fd060 ElapsedTime 2 Days 20:10:53.342 UserTime 00:00:04.539 KernelTime 00:00:02.028 QuotaPoolUsage[PagedPool] 355128 QuotaPoolUsage[NonPagedPool] 109904 Working Set Sizes (now,min,max) (10940, 50, 345) (43760KB, 200KB, 1380KB) PeakWorkingSetSize 39122 VirtualSize 549 Mb PeakVirtualSize 567 Mb PageFaultCount 102768 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 8943 Setting context for this process... .process /p /r fffffa80037ae940 !peb PEB at 000007f6fa949000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000f273801990 . 000000f20d42bac0 Ldr.InLoadOrderModuleList: 000000f273801af0 . 000000f20d42baa0 Ldr.InMemoryOrderModuleList: 000000f273801b00 . 
000000f20d42bab0 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef3a10000 50108785 Jul 26 00:55:49 2012 c:\windows\system32\profsvc.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 c:\windows\system32\USERENV.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef3da0000 501089ef Jul 26 01:06:07 2012 c:\windows\system32\SYSNTFY.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 c:\windows\system32\profapi.dll 7fef3870000 5010818f Jul 26 00:30:23 2012 C:\WINDOWS\SYSTEM32\profsvcext.dll 7fef3840000 501089b3 Jul 26 01:05:07 2012 C:\WINDOWS\system32\NTDSAPI.dll 7fef7d00000 50108a30 Jul 26 01:07:12 2012 C:\WINDOWS\system32\WLDAP32.dll 7fef3820000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\system32\NETAPI32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef3800000 5010a3e0 Jul 26 02:56:48 2012 C:\WINDOWS\system32\ATL.DLL 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\netutils.dll 7fef48c0000 501089ee Jul 26 
01:06:06 2012 C:\WINDOWS\system32\srvcli.dll
7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\system32\wkscli.dll
7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll
7fef37c0000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\DFSCLI.DLL
7fef4440000 50108a08 Jul 26 01:06:32 2012 C:\WINDOWS\system32\LOGONCLI.DLL
7fef38a0000 50108987 Jul 26 01:04:23 2012 c:\windows\system32\themeservice.dll
7fef38b0000 501087d7 Jul 26 00:57:11 2012 c:\windows\system32\gpsvc.dll
7fef4050000 5010894e Jul 26 01:03:26 2012 c:\windows\system32\GPAPI.dll
7fef37a0000 505a9a6a Sep 20 05:24:10 2012 c:\windows\system32\nlaapi.dll
7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll
7fef3790000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\DSROLE.dll
7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll
7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll
7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll
7fef3550000 50108816 Jul 26 00:58:14 2012 c:\windows\system32\sens.dll
7fef0310000 5010834a Jul 26 00:37:46 2012 c:\windows\system32\shsvcs.dll
7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll
7fef4070000 50108a1d Jul 26 01:06:53 2012 c:\windows\system32\HID.DLL
7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll
7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll
7fef01d0000 505a9864 Sep 20 05:15:32 2012 C:\WINDOWS\system32\FVEAPI.dll
7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll
7fef0080000 501089f7 Jul 26 01:06:15 2012 C:\WINDOWS\system32\FVECERTS.dll
7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll
7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll
7fef0090000 501080a2 Jul 26 00:26:26 2012 c:\windows\system32\schedsvc.dll
7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 c:\windows\system32\SspiCli.dll
7fef4110000 501089d5 Jul 26 01:05:41 2012 c:\windows\system32\AUTHZ.dll
7fef4080000 5010ac3a Jul 26 03:32:26 2012 c:\windows\system32\pcwum.dll
7fef3a50000 50108995 Jul 26 01:04:37 2012 c:\windows\system32\wevtapi.dll
7fef4920000 505a9abe Sep 20 05:25:34 2012 c:\windows\system32\UBPM.dll
7fef0070000 5010ac39 Jul 26 03:32:25 2012 c:\windows\system32\ktmw32.dll
7fef2e90000 50108843 Jul 26 00:58:59 2012 c:\windows\system32\XmlLite.dll
7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL
7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL
7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\system32\POWRPROF.dll
7feefa20000 505a973a Sep 20 05:10:34 2012 C:\Windows\System32\ProximityService.dll
7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\system32\FirewallAPI.dll
7fef03b0000 5063dc6b Sep 27 05:56:11 2012 C:\WINDOWS\system32\wlanapi.dll
7feef9f0000 50108222 Jul 26 00:32:50 2012 C:\WINDOWS\system32\ProximityCommon.dll
7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll
7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\MSWSOCK.dll
7fef07c0000 50108af1 Jul 26 01:10:25 2012 C:\WINDOWS\system32\WMICLNT.dll
7feef960000 5010816b Jul 26 00:29:47 2012 C:\WINDOWS\system32\taskcomp.dll
7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll
7fef47e0000 50108985 Jul 26 01:04:21 2012 C:\WINDOWS\SYSTEM32\netjoin.dll
7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll
7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\PROPSYS.dll
7feeec10000 50108770 Jul 26 00:55:28 2012 c:\windows\system32\wbem\wmisvc.dll
7feeeae0000 5010880b Jul 26 00:58:03 2012 C:\WINDOWS\SYSTEM32\wbemcomn.dll
7feeea00000 501086a3 Jul 26 00:52:03 2012 c:\windows\system32\srvsvc.dll
7feee9d0000 501089bd Jul 26 01:05:17 2012 c:\windows\system32\browser.dll
7feee8e0000 501082bb Jul 26 00:35:23 2012 c:\windows\system32\iphlpsvc.dll
7fef0a70000 50108713 Jul 26 00:53:55 2012 c:\windows\system32\fwpuclnt.dll
7fef0f30000 50108a14 Jul 26 01:06:44 2012 c:\windows\system32\rtutils.dll
7feee8b0000 501087f6 Jul 26 00:57:42 2012 C:\WINDOWS\system32\httpprxm.dll
7feedfa0000 501089e2 Jul 26 01:05:54 2012 C:\WINDOWS\system32\SSCORE.DLL
7feedf90000 50108a0c Jul 26 01:06:36 2012 C:\WINDOWS\SYSTEM32\sscoreext.dll
7feedf70000 501089d8 Jul 26 01:05:44 2012 C:\WINDOWS\system32\mi.dll
7feedda0000 50108801 Jul 26 00:57:53 2012 C:\WINDOWS\system32\miutils.dll
7feedfb0000 501085a4 Jul 26 00:47:48 2012 C:\WINDOWS\system32\adhsvc.dll
7feede90000 501087fc Jul 26 00:57:48 2012 C:\WINDOWS\system32\wmidcom.dll
7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\system32\DPAPI.DLL
7feede60000 5010872e Jul 26 00:54:22 2012 C:\WINDOWS\system32\ncbservice.dll
7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\system32\WINHTTP.dll
7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll
7feedf20000 5010abc3 Jul 26 03:30:27 2012 C:\WINDOWS\SYSTEM32\bi.dll
7feeded0000 501081fc Jul 26 00:32:12 2012 C:\WINDOWS\system32\ACTIVEDS.dll
7feedcc0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\adsldpc.dll
7feefa60000 50109e21 Jul 26 02:32:17 2012 C:\WINDOWS\system32\sqmapi.dll
7feedd00000 5010a1bd Jul 26 02:47:41 2012 C:\WINDOWS\system32\RESUTILS.DLL
7feedc60000 5010960c Jul 26 01:57:48 2012 C:\WINDOWS\system32\CLUSAPI.dll
7fef4790000 50108a04 Jul 26 01:06:28 2012 C:\WINDOWS\system32\cryptdll.dll
7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll
7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\system32\DNSAPI.dll
7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll
7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll
7fef40c0000 501089e6 Jul 26 01:05:58 2012 c:\windows\system32\devrtl.DLL
7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll
7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll
7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll
7fef34c0000 501098cf Jul 26 02:09:35 2012 C:\WINDOWS\system32\WDSCORE.dll
7feed330000 501086f9 Jul 26 00:53:29 2012 C:\WINDOWS\system32\NCI.dll
7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\system32\SECUR32.DLL
7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\WINDOWS\system32\slc.dll
7feec150000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\system32\cscapi.dll
7feefad0000 505a9581 Sep 20 05:03:13 2012 C:\WINDOWS\system32\VSSAPI.DLL
7feefab0000 505a99e6 Sep 20 05:21:58 2012 C:\WINDOWS\system32\VssTrace.DLL
7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL
7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL
7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\system32\samcli.dll
7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\system32\SAMLIB.dll
7feebdd0000 50108782 Jul 26 00:55:46 2012 C:\WINDOWS\system32\wbem\wbemcore.dll
7feebd60000 501087c9 Jul 26 00:56:57 2012 C:\WINDOWS\system32\wbem\esscli.dll
7feebc60000 501087eb Jul 26 00:57:31 2012 C:\WINDOWS\system32\wbem\FastProx.dll
7feed210000 50108822 Jul 26 00:58:26 2012 C:\WINDOWS\system32\wshbth.dll
7feec2b0000 5010a97e Jul 26 03:20:46 2012 C:\WINDOWS\System32\winrnr.dll
7feec290000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\system32\pnrpnsp.dll
7feec0b0000 5010a94b Jul 26 03:19:55 2012 C:\WINDOWS\system32\napinsp.dll
7fef1f50000 501089e9 Jul 26 01:06:01 2012 C:\WINDOWS\system32\wbem\wbemsvc.dll
7fef1ed0000 501087f4 Jul 26 00:57:40 2012 C:\WINDOWS\system32\wbem\wmiutils.dll
7feed260000 501087c6 Jul 26 00:56:54 2012 C:\WINDOWS\system32\wbem\repdrvfs.dll
7feebfe0000 505a992d Sep 20 05:18:53 2012 C:\WINDOWS\system32\webio.dll
7feeb520000 50108796 Jul 26 00:56:06 2012 C:\WINDOWS\system32\wbem\wmiprvsd.dll
7feed240000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\SYSTEM32\NCObjAPI.DLL
7feeb4a0000 5010870e Jul 26 00:53:50 2012 C:\WINDOWS\system32\wbem\wbemess.dll
7feeaf60000 50108735 Jul 26 00:54:29 2012 C:\WINDOWS\system32\wbem\ncprov.dll
7feed130000 50108cd4 Jul 26 01:18:28 2012 c:\windows\system32\qmgr.dll
7feedb70000 501089fd Jul 26 01:06:21 2012 c:\windows\system32\bitsperf.dll
7feed110000 5010a626 Jul 26 03:06:30 2012 C:\WINDOWS\system32\bitsigd.dll
7fef1d20000 5010a00e Jul 26 02:40:30 2012 C:\WINDOWS\system32\upnp.dll
7feeef00000 5010a92b Jul 26 03:19:23 2012 C:\WINDOWS\system32\SSDPAPI.dll
7feeb010000 50108abe Jul 26 01:09:34 2012 C:\WINDOWS\system32\dssenh.dll
7feeaf80000 5010a974 Jul 26 03:20:36 2012 c:\windows\system32\appinfo.dll
7fef3060000 505a9aeb Sep 20 05:26:19 2012 c:\windows\system32\systemeventsbrokerserver.dll
7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL
7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\system32\ncrypt.dll
7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\system32\NTASN1.dll
7feeab50000 50108a14 Jul 26 01:06:44 2012 C:\Windows\System32\cryptnet.dll
7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll
7fef2660000 501089f9 Jul 26 01:06:17 2012 C:\WINDOWS\system32\TimeBrokerClient.dll
7fef2fa0000 5010a9c6 Jul 26 03:21:58 2012 C:\WINDOWS\system32\ElsLad.dll
7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\system32\Bcp47Langs.dll
7fef1bd0000 50107fa1 Jul 26 00:22:09 2012 C:\WINDOWS\system32\hnetcfg.dll
7fef48a0000 5010a9b5 Jul 26 03:21:41 2012 C:\WINDOWS\system32\SPINF.dll
7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll
7fef21b0000 5010a6ed Jul 26 03:09:49 2012 C:\Windows\System32\qmgrprxy.dll
7feefcc0000 50108aeb Jul 26 01:10:19 2012 C:\WINDOWS\system32\MPR.dll
7fee8da0000 505a95bd Sep 20 05:04:13 2012 c:\windows\system32\wuaueng.dll
7feeefe0000 5010aad8 Jul 26 03:26:32 2012 c:\windows\system32\ESENT.dll
7feeb5f0000 501081fa Jul 26 00:32:10 2012 c:\windows\system32\WINSPOOL.DRV
7fef3d90000 5010a98e Jul 26 03:21:02 2012 c:\windows\system32\WMsgAPI.dll
7feec170000 501089f6 Jul 26 01:06:14 2012 c:\windows\system32\Cabinet.dll
7fef0f00000 501089f7 Jul 26 01:06:15 2012 c:\windows\system32\mspatcha.dll
7fef0ca0000 5010a95b Jul 26 03:20:11 2012 c:\windows\system32\VERSION.dll
7feef950000 501089d7 Jul 26 01:05:43 2012 C:\WINDOWS\SYSTEM32\wcmapi.dll
7fef3320000 50108655 Jul 26 00:50:45 2012 C:\Windows\System32\taskschd.dll
7feed650000 501081cc Jul 26 00:31:24 2012 C:\WINDOWS\SYSTEM32\wer.dll
7feea490000 501099c5 Jul 26 02:13:41 2012 C:\WINDOWS\system32\RasApi32.dll
7feecb80000 501089b8 Jul 26 01:05:12 2012 C:\WINDOWS\system32\rasman.dll
7feed3a0000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\webservices.dll
7fee7b90000 50109c5d Jul 26 02:24:45 2012 C:\WINDOWS\SYSTEM32\msi.dll
7fef10f0000 50109e1d Jul 26 02:32:13 2012 C:\WINDOWS\SYSTEM32\advpack.dll
7fef7ce0000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\imagehlp.dll
7fee8b80000 505ab0bd Sep 20 06:59:25 2012 c:\windows\system32\aelupsvc.dll
7feeef40000 505ab1f8 Sep 20 07:04:40 2012 c:\windows\system32\apphelp.dll
7fef0e10000 501086e3 Jul 26 00:53:07 2012 C:\Windows\System32\AppXDeploymentClient.dll
7feec370000 5010a4f2 Jul 26 03:01:22 2012 C:\Windows\System32\Windows.ApplicationModel.dll
7fee8b50000 505a93f3 Sep 20 04:56:35 2012 C:\Windows\System32\storewuauth.dll
7fee8b10000 505a942e Sep 20 04:57:34 2012 C:\Windows\System32\WSClient.dll
7fee86c0000 505a91ee Sep 20 04:47:58 2012 C:\Windows\System32\WSShared.dll
7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\Windows\System32\TWINAPI.dll
7fee8690000 505a97a0 Sep 20 05:12:16 2012 C:\Windows\System32\WSSync.dll
7fef2e40000 5010a2a5 Jul 26 02:51:33 2012 C:\Windows\System32\elscore.dll
7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll
7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\Windows\System32\iertutil.dll
SubSystemData: 0000000000000000
ProcessHeap: 000000f273800000
ProcessParameters: 000000f273801170
CurrentDirectory: 'C:\WINDOWS\system32\'
WindowTitle: 'C:\WINDOWS\system32\svchost.exe'
ImageFile: 'C:\WINDOWS\system32\svchost.exe'
CommandLine: 'C:\WINDOWS\system32\svchost.exe -k netsvcs'
DllPath: '< Name not readable >'
Environment: 000000f273800860
    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming
    CommonProgramFiles=C:\Program Files\Common Files
    CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
    CommonProgramW6432=C:\Program Files\Common Files
    COMPUTERNAME=MACAIR1
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=AMD64
    PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0b
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    ProgramFiles(x86)=C:\Program Files (x86)
    ProgramW6432=C:\Program Files
    PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
    PUBLIC=C:\Users\Public
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\WINDOWS\TEMP
    TMP=C:\WINDOWS\TEMP
    USERDOMAIN=WORKGROUP
    USERNAME=MACAIR1$
    USERPROFILE=C:\WINDOWS\system32\config\systemprofile
    windir=C:\WINDOWS
THREAD fffffa80037a59c0 Cid 0314.0318 Teb: 000007f6fa94e000 Win32Thread: fffff90100655b90 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa80037c57b0 SynchronizationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15720336 Ticks: 20792 (0:00:05:24.357)
    Context Switch Count 758 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.031
    Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0)
    Stack Init fffff88015164dd0 Current fffff88015164900
    Base fffff88015165000 Limit fffff8801515f000 Call 0
    Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa80037c27c0 Cid 0314.031c Teb: 000007f6fa94c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa8003db8490 SynchronizationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 11923 Ticks: 15729205 (2:20:09:37.170)
    Context Switch Count 73 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
    Stack Init fffff88015179dd0 Current fffff88015179900
    Base fffff8801517a000 Limit fffff88015174000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa80037c0a00 Cid 0314.0328 Teb: 000007f6fa945000 Win32Thread: fffff90100659b90 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa80037a9a60 NotificationEvent
        fffffa80037b4f50 SynchronizationEvent
        fffffa80037a99e0 SynchronizationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 7999 Ticks: 15733129 (2:20:10:38.385)
    Context Switch Count 92 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0)
    Stack Init fffff88015187dd0 Current fffff88015187180
    Base fffff88015188000 Limit fffff88015182000 Call 0
    Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa80037cc700 Cid 0314.032c Teb: 000007f6fa943000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
        fffffa80037ccaa8 Semaphore Limit 0x1
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15738889 Ticks: 2239 (0:00:00:34.928)
    Context Switch Count 400 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0)
    Stack Init fffff8801518edd0 Current fffff8801518e7a0
    Base fffff8801518f000 Limit fffff88015189000 Call 0
    Priority 9 BasePriority 8 UnusualBoost 1 ForegroundBoost 0 IoPriority 2 PagePriority 5
THREAD fffffa80037f1b00 Cid 0314.0348 Teb: 000007f6fa81e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa800319fb60 SynchronizationTimer
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15739118 Ticks: 2010 (0:00:00:31.356)
    Context Switch Count 63 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8)
    Stack Init fffff880151aadd0 Current fffff880151aa0f0
    Base fffff880151ab000 Limit fffff880151a5000 Call 0
    Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
THREAD fffffa8003975b00 Cid 0314.0260 Teb: 000007f6fa818000 Win32Thread: fffff901006d7710 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa8003955820 NotificationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310)
    Context Switch Count 192 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.015
    Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0)
    Stack Init fffff8801558fdd0 Current fffff8801558f900
    Base fffff88015590000 Limit fffff8801558a000 Call 0
    Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa800398a080 Cid 0314.0418 Teb: 000007f6fa816000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa8002eddee0 SynchronizationEvent
        fffffa8003958640 SynchronizationEvent
        fffffa8003b60fe0 SynchronizationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15679223 Ticks: 61905 (0:00:16:05.724)
    Context Switch Count 643 IdealProcessor: 0
    UserTime 00:00:00.031
    KernelTime 00:00:00.093
    Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0)
    Stack Init fffff880154ccdd0 Current fffff880154cc180
    Base fffff880154cd000 Limit fffff880154c7000 Call 0
    Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa80039f7080 Cid 0314.0480 Teb: 000007f6fa804000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable
        fffffa8003b0b740 QueueObject
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15740821 Ticks: 307 (0:00:00:04.789)
    Context Switch Count 65 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
    Stack Init fffff88014e5add0 Current fffff88014e5a760
    Base fffff88014e5b000 Limit fffff88014e55000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
THREAD fffffa80039fbb00 Cid 0314.0484 Teb: 000007f6fa802000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa8003b39ba0 SynchronizationEvent
        fffffa8003b3bfe0 NotificationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15679246 Ticks: 61882 (0:00:16:05.365)
    Context Switch Count 4 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address schedsvc!CSessionMgr::StartJobsCallback (0x000007fef00c3788)
    Stack Init fffff88015588dd0 Current fffff88015588180
    Base fffff88015589000 Limit fffff88015583000 Call 0
    Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8003b0b9c0 Cid 0314.0488 Teb: 000007f6fa800000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa8003b58db0 SynchronizationEvent
        fffffa8003b38cd0 SynchronizationEvent
        fffffa8003b48be0 SynchronizationEvent
        fffffa8003b589e0 SynchronizationTimer
        fffffa8003b58840 SynchronizationTimer
    IRP List:
        fffffa8003b3c010: (0006,03e8) Flags: 00060000 Mdl: 00000000
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 10689 Ticks: 15730439 (2:20:09:56.421)
    Context Switch Count 20 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address taskcomp!CompatibilityAdapter::MonitorThread (0x000007feef961c00)
    Stack Init fffff88014e0ddd0 Current fffff88014e0d180
    Base fffff88014e0e000 Limit fffff88014e08000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8003bad700 Cid 0314.05cc Teb: 000007f6fa814000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa8003bbd520 NotificationEvent
        fffffa8003bb5ca0 SynchronizationEvent
        fffffa8003ba3200 SynchronizationEvent
        fffffa8003beda78 NotificationEvent
    IRP List:
        fffffa8003d85010: (0006,03e8) Flags: 00060000 Mdl: 00000000
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15738812 Ticks: 2316 (0:00:00:36.129)
    Context Switch Count 88 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0)
    Stack Init fffff88014f4fdd0 Current fffff88014f4f180
    Base fffff88014f50000 Limit fffff88014f4a000 Call 0
    Priority 10 BasePriority 10 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
THREAD fffffa8003bbf900 Cid 0314.0620 Teb: 000007f6fa7fc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa8003db6c10 SynchronizationEvent
        fffffa80030912b0 SynchronizationEvent
        fffffa8003f9c920 SynchronizationEvent
        fffffa8003e3dd50 SynchronizationEvent
        fffffa8003fa2630 SynchronizationEvent
        fffffa8004035530 SynchronizationEvent
        fffffa8003f48a70 SynchronizationEvent
        fffffa8003fb0620 SynchronizationEvent
        fffffa8003dc0490 SynchronizationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15727890 Ticks: 13238 (0:00:03:26.514)
    Context Switch Count 699 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.031
    Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0)
    Stack Init fffff88014fcddd0 Current fffff88014fcd180
    Base fffff88014fce000 Limit fffff88014fc8000 Call 0
    Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8003bd4080 Cid 0314.06a8 Teb: 000007f6fa7f8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa8003daa960 SynchronizationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 11923 Ticks: 15729205 (2:20:09:37.170)
    Context Switch Count 1 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address SSCORE!ShareNotificationsThreadProc (0x000007feedfa1824)
    Stack Init fffff88015e99dd0 Current fffff88015e99900
    Base fffff88015e9a000 Limit fffff88015e94000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8003bcf700 Cid 0314.06ac Teb: 000007f6fa7f6000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable
        fffffa8003dcaf80 QueueObject
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15679964 Ticks: 61164 (0:00:15:54.164)
    Context Switch Count 163 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
    Stack Init fffff880155dcdd0 Current fffff880155dc760
    Base fffff880155dd000 Limit fffff880155d7000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8003bd8700 Cid 0314.06b4 Teb: 000007f6fa7f2000 Win32Thread: fffff90100671290 WAIT: (WrQueue) UserMode Alertable
        fffffa8003dcaf80 QueueObject
    IRP List:
        fffffa800413a9f0: (0006,01f0) Flags: 00060000 Mdl: fffffa8002620e70
        fffffa8002c48a10: (0006,01f0) Flags: 00060000 Mdl: fffffa800274a290
        fffffa8002c4e240: (0006,01f0) Flags: 00060000 Mdl: fffffa800189fc30
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672)
    Context Switch Count 1340 IdealProcessor: 0
    UserTime 00:00:00.062
    KernelTime 00:00:00.031
    Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
    Stack Init fffff88015ea7dd0 Current fffff88015ea7760
    Base fffff88015ea8000 Limit fffff88015ea2000 Call 0
    Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
THREAD fffffa8003bd4b00 Cid 0314.06b8 Teb: 000007f6fa7f0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa8003b741b0 SynchronizationEvent
        fffffa8003db11b0 SynchronizationEvent
        fffffa8003e0e9c0 SynchronizationEvent
        fffffa8003dba320 SynchronizationEvent
        fffffa8003dba1d0 SynchronizationEvent
        fffffa8003e685b0 SynchronizationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15693330 Ticks: 47798 (0:00:12:25.653)
    Context Switch Count 1428 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.031
    Win32 Start Address httpprxm!ProxyMgrRegListenForProxySettingsChange (0x000007feee8c0e68)
    Stack Init fffff88015eaedd0 Current fffff88015eae180
    Base fffff88015eaf000 Limit fffff88015ea9000 Call 0
    Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8003e55940 Cid 0314.06dc Teb: 000007f6fa7ea000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa8003ddce60 NotificationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 12499 Ticks: 15728629 (2:20:09:28.184)
    Context Switch Count 2 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90)
    Stack Init fffff88003dd8dd0 Current fffff88003dd8900
    Base fffff88003dd9000 Limit fffff88003dd3000 Call 0
    Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8003ea0b00 Cid 0314.07a8 Teb: 000007f6fa7e0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable
        fffffa8003f24aa0 SynchronizationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 12917 Ticks: 15728211 (2:20:09:21.664)
    Context Switch Count 24 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
    Stack Init fffff88015ffedd0 Current fffff88015ffe900
    Base fffff88015fff000 Limit fffff88015ff9000 Call 0
    Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8003df8080 Cid 0314.05c8 Teb: 000007f6fa7c6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable
        fffffa8003f93530 Semaphore Limit 0x7fffffff
        fffffa8003f76d40 NotificationEvent
        fffffa80039cc2f0 NotificationEvent
    IRP List:
        fffffa8002cf3e10: (0006,01f0) Flags: 00060070 Mdl: 00000000
        fffffa80033c7660: (0006,01f0) Flags: 00060030 Mdl: fffffa80021ac780
        fffffa80033f2610: (0006,01f0) Flags: 00060070 Mdl: 00000000
        fffffa80020fccd0: (0006,01f0) Flags: 00060070 Mdl: 00000000
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15727019 Ticks: 14109 (0:00:03:40.101)
    Context Switch Count 89 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0)
    Stack Init fffff88016187dd0 Current fffff88016187180
    Base fffff88016188000 Limit fffff88016182000 Call 0
    Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8003fa9b00 Cid 0314.04a0 Teb: 000007f6fa7be000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable
        fffffa8003f93530 Semaphore Limit 0x7fffffff
        fffffa8003f76d40 NotificationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15727032 Ticks: 14096 (0:00:03:39.899)
    Context Switch Count 24 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10)
    Stack Init fffff8801621bdd0 Current fffff8801621b180
    Base fffff8801621c000 Limit fffff88016216000 Call 0
    Priority 10 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8003836b00 Cid 0314.0898 Teb: 000007f6fa7bc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa8003f47c60 NotificationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 14273 Ticks: 15726855 (2:20:09:00.510)
    Context Switch Count 1 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90)
    Stack Init fffff88015429dd0 Current fffff88015429900
    Base fffff8801542a000 Limit fffff88015424000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa80018a5b00 Cid 0314.0a1c Teb: 000007f6fa7a4000 Win32Thread: fffff901006a9820 WAIT: (WrUserRequest) UserMode Non-Alertable
        fffffa8003798d00 SynchronizationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15736660 Ticks: 4468 (0:00:01:09.701)
    Context Switch Count 148 IdealProcessor: 0
    UserTime 00:00:00.015
    KernelTime 00:00:00.000
    Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8)
    Stack Init fffff8801607ddd0 Current fffff8801607d5f0
    Base fffff8801607e000 Limit fffff88016078000 Call 0
    Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
THREAD fffffa80037d0b00 Cid 0314.0a2c Teb: 000007f6fa7a2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable
        fffffa80036216b0 NotificationEvent
        fffffa80017d6f20 NotificationEvent
    IRP List:
        fffffa80031d0c80: (0006,01f0) Flags: 00060800 Mdl: 00000000
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15884 Ticks: 15725244 (2:20:08:35.378)
    Context Switch Count 1 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address ncprov!CNCProvider::ConnectThreadProc (0x000007feeaf651dc)
    Stack Init fffff880163ebdd0 Current fffff880163eb180
    Base fffff880163ec000 Limit fffff880163e6000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa800261ab00 Cid 0314.0a30 Teb: 000007f6fa7a0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa800371d200 NotificationEvent
        fffffa8003fe9850 NotificationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15884 Ticks: 15725244 (2:20:08:35.378)
    Context Switch Count 1 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address NCObjAPI!CNamedPipeClient::ProviderReadyThreadProc (0x000007feed241470)
    Stack Init fffff8800316cdd0 Current fffff8800316c180
    Base fffff8800316d000 Limit fffff88003167000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8002624900 Cid 0314.0a34 Teb: 000007f6fa79e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa80037cac10 NotificationEvent
        fffffa80040559b0 NotificationEvent
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15884 Ticks: 15725244 (2:20:08:35.378)
    Context Switch Count 1 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address NCObjAPI!CNamedPipeClient::ProviderReadyThreadProc (0x000007feed241470)
    Stack Init fffff88003173dd0 Current fffff88003173180
    Base fffff88003174000 Limit fffff8800316e000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8003676080 Cid 0314.099c Teb: 000007f6fa812000 Win32Thread: fffff90100697950 WAIT: (UserRequest) UserMode Alertable
        fffffa80038ce280 SynchronizationTimer
        fffffa80038165f0 NotificationEvent
        fffffa80031e7a30 SynchronizationEvent
    IRP List:
        fffffa8003f07e10: (0006,01f0) Flags: 00060030 Mdl: 00000000
        fffffa8003900d80: (0006,01f0) Flags: 00060030 Mdl: 00000000
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15720270 Ticks: 20858 (0:00:05:25.386)
    Context Switch Count 5927 IdealProcessor: 0
    UserTime 00:00:00.015
    KernelTime 00:00:00.156
    Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0)
    Stack Init fffff88003181dd0 Current fffff88003181180
    Base fffff88003182000 Limit fffff8800317c000 Call 0
    Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8001e11080 Cid 0314.0420 Teb: 000007f6fa80c000 Win32Thread: fffff901006f8710 WAIT: (WrQueue) UserMode Alertable
        fffffa800376f380 QueueObject
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15737701 Ticks: 3427 (0:00:00:53.461)
    Context Switch Count 2697 IdealProcessor: 0
    UserTime 00:00:00.078
    KernelTime 00:00:00.265
    Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
    Stack Init fffff88015f72dd0 Current fffff88015f72760
    Base fffff88015f73000 Limit fffff88015f6d000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
THREAD fffffa80037fab00 Cid 0314.0d10 Teb: 000007f6fa806000 Win32Thread: fffff9010066fb90 WAIT: (WrQueue) UserMode Alertable
        fffffa800376f380 QueueObject
    IRP List:
        fffffa8002d0f260: (0006,0598) Flags: 00060070 Mdl: 00000000
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15741031 Ticks: 97 (0:00:00:01.513)
    Context Switch Count 8797 IdealProcessor: 0
    UserTime 00:00:01.310
    KernelTime 00:00:00.577
    Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
    Stack Init fffff880150dfdd0 Current fffff880150df760
    Base fffff880150e0000 Limit fffff880150da000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
THREAD fffffa8004048080 Cid 0314.04b8 Teb: 000007f6fa7e6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
        fffffa8002187550 SynchronizationEvent
        fffffa8001f05860 SynchronizationTimer
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15737670 Ticks: 3458 (0:00:00:53.945)
    Context Switch Count 10 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8)
    Stack Init fffff88017525dd0 Current fffff88017525180
    Base fffff88017526000 Limit fffff88017520000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
THREAD fffffa80020a4b00 Cid 0314.0bec Teb: 000007f6fa7dc000 Win32Thread: fffff901006e5710 WAIT: (WrQueue) UserMode Alertable
        fffffa800376f380 QueueObject
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15740262 Ticks: 866 (0:00:00:13.509)
    Context Switch Count 1061 IdealProcessor: 0
    UserTime 00:00:00.093
    KernelTime 00:00:00.046
    Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
    Stack Init fffff88016596dd0 Current fffff88016596760
    Base fffff88016597000 Limit fffff88016591000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
THREAD fffffa8001dcb080 Cid 0314.0ae4 Teb: 000007f6fa7ba000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable
        fffffa80038b30c0 QueueObject
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15679787 Ticks: 61341 (0:00:15:56.925)
    Context Switch Count 1 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
    Stack Init fffff880163f9dd0 Current fffff880163f9760
    Base fffff880163fa000 Limit fffff880163f4000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8001cff080 Cid 0314.0298 Teb: 000007f6fa7c8000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable
        fffffa8001cff428 Semaphore Limit 0x1
    Waiting for reply to ALPC Message fffff8a000a23170 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940
    Not impersonating
    DeviceMap fffff8a00000c340
    Owning Process fffffa80037ae940 Image: svchost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15680365 Ticks: 60763 (0:00:15:47.908)
    Context Switch Count 1 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address SSDPAPI!GetNotificationLoop (0x000007feeef05c38)
    Stack Init fffff8801756bdd0 Current fffff8801756b660
    Base fffff8801756c000 Limit fffff88017566000 Call 0
    Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Kernel stack not resident.
THREAD fffffa8002d8c080 Cid 0314.0bbc Teb: 000007f6fa94a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003253610 SynchronizationEvent fffffa8003782a30 NotificationEvent fffffa8003f099f0 SynchronizationEvent IRP List: fffffa80018966f0: (0006,01f0) Flags: 00040030 Mdl: 00000000 fffffa8002dd4210: (0006,01f0) Flags: 00040030 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739276 Ticks: 1852 (0:00:00:28.891) Context Switch Count 286 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.046 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff880171cbdd0 Current fffff880171cb180 Base fffff880171cc000 Limit fffff880171c6000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 THREAD fffffa8001cd4080 Cid 0314.0ce4 Teb: 000007f6fa947000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037a8250 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15717753 Ticks: 23375 (0:00:06:04.652) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88016110dd0 Current fffff88016110900 Base fffff88016111000 Limit fffff8801610b000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003e76080 Cid 0314.0c68 Teb: 000007f6fa81c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001ccea80 SynchronizationEvent fffffa8002d31cc0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15717492 Ticks: 23636 (0:00:06:08.723) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff8801546add0 Current fffff8801546a180 Base fffff8801546b000 Limit fffff88015465000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800360fb00 Cid 0314.08a4 Teb: 000007f6fa81a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8001c94e40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733523 Ticks: 7605 (0:00:01:58.638) Context Switch Count 222 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880171eedd0 Current fffff880171ee7a0 Base fffff880171ef000 Limit fffff880171e9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002d2ab00 Cid 0314.0adc Teb: 000007f6fa7fe000 Win32Thread: fffff901006f2010 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa8001ed4250 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739276 Ticks: 1852 (0:00:00:28.891) Context Switch Count 6051 IdealProcessor: 0 UserTime 00:00:00.296 KernelTime 00:00:02.776 Win32 Start Address wuaueng!CWorkItemManager::ExecuteWorkItemWrapper (0x000007fee8da1de0) Stack Init fffff88015f80dd0 Current fffff88015f80180 Base fffff88015f81000 Limit fffff88015f7b000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 THREAD fffffa80040265c0 Cid 0314.0a44 Teb: 000007f6fa7fa000 Win32Thread: fffff901006fe5a0 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa80033fee50 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733525 Ticks: 7603 (0:00:01:58.607) Context Switch Count 5581 IdealProcessor: 0 UserTime 00:00:01.482 KernelTime 00:00:00.592 Win32 Start Address wuaueng!CWorkItemManager::ExecuteWorkItemWrapper (0x000007fee8da1de0) Stack Init fffff880171a3dd0 Current fffff880171a3180 Base fffff880171a4000 Limit fffff8801719e000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Kernel stack not resident. 
THREAD fffffa8003f51b00 Cid 0314.0414 Teb: 000007f6fa810000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa8001ec8bd0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739276 Ticks: 1852 (0:00:00:28.891) Context Switch Count 194 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address wuaueng!CWorkItemManager::ExecuteWorkItemWrapper (0x000007fee8da1de0) Stack Init fffff88017371dd0 Current fffff88017371180 Base fffff88017372000 Limit fffff8801736c000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 THREAD fffffa8002053b00 Cid 0314.0780 Teb: 000007f6fa7e8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80031a7180 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15718905 Ticks: 22223 (0:00:05:46.681) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017515dd0 Current fffff88017515760 Base fffff88017516000 Limit fffff88017510000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002cc9240 Cid 0314.049c Teb: 000007f6fa7de000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80032b2060 NotificationEvent fffffa8003794150 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15722755 Ticks: 18373 (0:00:04:46.620) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address wuaueng!CWorkItemManager::ExecuteWorkItemWrapper (0x000007fee8da1de0) Stack Init fffff88014e7ddd0 Current fffff88014e7d180 Base fffff88014e7e000 Limit fffff88014e78000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 1 PagePriority 1 Kernel stack not resident. THREAD fffffa8002d3c300 Cid 0314.0e68 Teb: 000007f6fa7d8000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8002d3c6a8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720344 Ticks: 20784 (0:00:05:24.232) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address aelupsvc!AhcpProcessLPCCalls (0x000007fee8b810f0) Stack Init fffff8801511edd0 Current fffff8801511e750 Base fffff8801511f000 Limit fffff88015119000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002d80240 Cid 0314.076c Teb: 000007f6fa7da000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800361db00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15720345 Ticks: 20783 (0:00:05:24.216) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150f4dd0 Current fffff880150f4760 Base fffff880150f5000 Limit fffff880150ef000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800365a980 Cid 0314.0a60 Teb: 000007f6fa80a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800376f380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741031 Ticks: 97 (0:00:00:01.513) Context Switch Count 75 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801519cdd0 Current fffff8801519c760 Base fffff8801519d000 Limit fffff88015197000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002105680 Cid 0314.0fc4 Teb: 000007f6fa80e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d59110 Semaphore Limit 0x7fffffff fffffa800319ccd0 Mutant - owning thread 0 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80037ae940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739275 Ticks: 1853 (0:00:00:28.906) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address qmgr!TaskScheduler::WorkGroupWorkerThunk (0x000007feed178004) Stack Init fffff88015422dd0 
Current fffff88015421ee0 Base fffff88015423000 Limit fffff8801541d000 Call 0
Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

PROCESS fffffa80037e9940
    SessionId: 0 Cid: 0360 Peb: 7f6fa7ef000 ParentCid: 0220
    DirBase: 332b5000 ObjectTable: fffff8a002536040 HandleCount:
    Image: svchost.exe
    VadRoot fffffa8003f0a880 Vads 163 Clone 0 Private 1535. Modified 327. Locked 115.
    DeviceMap fffff8a002487200
    Token fffff8a0024f5630
    ElapsedTime 2 Days 20:10:48.462
    UserTime 00:00:00.405
    KernelTime 00:00:00.592
    QuotaPoolUsage[PagedPool] 207056
    QuotaPoolUsage[NonPagedPool] 38400
    Working Set Sizes (now,min,max) (4072, 50, 345) (16288KB, 200KB, 1380KB)
    PeakWorkingSetSize 4211
    VirtualSize 101 Mb
    PeakVirtualSize 109 Mb
    PageFaultCount 7783
    MemoryPriority BACKGROUND
    BasePriority 8
    CommitCharge 1993

Setting context for this process...
.process /p /r fffffa80037e9940
!peb
PEB at 000007f6fa7ef000
    InheritedAddressSpace: No
    ReadImageFileExecOptions: No
    BeingDebugged: No
    ImageBaseAddress: 000007f6fb7a0000
    Ldr 000007fef7ff88a0
    Ldr.Initialized: Yes
    Ldr.InInitializationOrderModuleList: 0000002b50781a30 . 0000002b53018d90
    Ldr.InLoadOrderModuleList: 0000002b50781b90 . 0000002b53018d70
    Ldr.InMemoryOrderModuleList: 0000002b50781ba0 . 0000002b53018d80
    Base TimeStamp Module
    7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe
    7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll
    7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL
    7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll
    7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll
    7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll
    7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll
    7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll
    7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll
    7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll
    7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll
    7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll
    7fef3570000 50108647 Jul 26 00:50:31 2012 c:\windows\system32\es.dll
    7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll
    7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll
    7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll
    7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll
    7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll
    7fef1250000 50108a2f Jul 26 01:07:11 2012 c:\windows\system32\fntcache.dll
    7fef0bb0000 50108aa7 Jul 26 01:09:11 2012 c:\windows\system32\nsisvc.dll
    7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll
    7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll
    7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll
    7feef4d0000 501086ae Jul 26 00:52:14 2012 c:\windows\system32\winhttp.dll
    7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll
    7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll
    7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL
    7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL
    7feedc00000 5010883e Jul 26 00:58:54 2012 c:\windows\system32\wdi.dll
    7feedb80000 501087e2 Jul 26 00:57:22 2012 c:\windows\system32\netprofmsvc.dll
    7fef37a0000 505a9a6a Sep 20 05:24:10 2012 c:\windows\system32\nlaapi.dll
    7feeda30000 501087af Jul 26 00:56:31 2012 c:\windows\system32\bthserv.dll
    7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll
    7fef4df0000 50108ab9 Jul 26 01:09:29 2012 c:\windows\system32\profapi.dll
    7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll
    7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\system32\DNSAPI.dll
    7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL
    7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL
    7feed6f0000 50108406 Jul 26 00:40:54 2012 C:\WINDOWS\system32\perftrack.dll
    7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll
    7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll
    7feed650000 501081cc Jul 26 00:31:24 2012 C:\WINDOWS\system32\wer.dll
    7feef420000 50109db5 Jul 26 02:30:29 2012 C:\WINDOWS\system32\AEPIC.dll
    7fef4080000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\system32\pcwum.dll
    7feeef30000 5010a9de Jul 26 03:22:22 2012 C:\WINDOWS\system32\sfc_os.dll
    7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\WINDOWS\system32\VERSION.dll
    7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll
    7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll
    7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll
    7fef45e0000 5010893a Jul 26 01:03:06 2012 C:\WINDOWS\system32\msv1_0.DLL
    7fef4790000 50108a04 Jul 26 01:06:28 2012 C:\WINDOWS\system32\cryptdll.dll
    7feed5c0000 50108269 Jul 26 00:34:01 2012 c:\windows\system32\fdphost.dll
    7feed590000 5010855e Jul 26 00:46:38 2012 C:\Windows\System32\fdwsd.dll
    7feed4f0000 50108576 Jul 26 00:47:02 2012 C:\Windows\System32\wsdapi.dll
    7feed3a0000 50108b7f Jul 26 01:12:47 2012 C:\Windows\System32\webservices.dll
    7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\Windows\System32\FirewallAPI.dll
    7feec240000 5010877d Jul 26 00:55:41 2012 C:\Windows\System32\fdssdp.dll
    7feeef00000 5010a92b Jul 26 03:19:23 2012 C:\Windows\System32\SSDPAPI.dll
    7feed310000 501088aa Jul 26 01:00:42 2012 C:\Windows\System32\fdproxy.dll
    7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll
    7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll
    7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll
    7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll
    7feebfe0000 505a992d Sep 20 05:18:53 2012 C:\WINDOWS\system32\webio.dll
    7feec260000 5010879e Jul 26 00:56:14 2012 C:\Windows\System32\FunDisc.dll
    7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\propsys.dll
    7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll
    SubSystemData: 0000000000000000
    ProcessHeap: 0000002b50780000
    ProcessParameters: 0000002b50781200
    CurrentDirectory: 'C:\WINDOWS\system32\'
    WindowTitle: 'C:\WINDOWS\system32\svchost.exe'
    ImageFile: 'C:\WINDOWS\system32\svchost.exe'
    CommandLine: 'C:\WINDOWS\system32\svchost.exe -k LocalService'
    DllPath: '< Name not readable >'
    Environment: 0000002b50780860
        ALLUSERSPROFILE=C:\ProgramData
        APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming
        CommonProgramFiles=C:\Program Files\Common Files
        CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
        CommonProgramW6432=C:\Program Files\Common Files
        COMPUTERNAME=MACAIR1
        ComSpec=C:\WINDOWS\system32\cmd.exe
        FP_NO_HOST_CHECK=NO
        LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local
        NUMBER_OF_PROCESSORS=2
        OS=Windows_NT
        Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\
        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
        PROCESSOR_ARCHITECTURE=AMD64
        PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
        PROCESSOR_LEVEL=6
        PROCESSOR_REVISION=0f0b
        ProgramData=C:\ProgramData
        ProgramFiles=C:\Program Files
        ProgramFiles(x86)=C:\Program Files (x86)
        ProgramW6432=C:\Program Files
        PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
        PUBLIC=C:\Users\Public
        SystemDrive=C:
        SystemRoot=C:\WINDOWS
        TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp
        TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp
        USERDOMAIN=NT AUTHORITY
        USERNAME=LOCAL SERVICE
        USERPROFILE=C:\Windows\ServiceProfiles\LocalService
        windir=C:\WINDOWS

THREAD fffffa80037a2b00 Cid 0360.0364 Teb: 000007f6fa7ed000 Win32Thread: fffff90100659290 WAIT: (UserRequest) UserMode Non-Alertable
    fffffa80037d9820 SynchronizationEvent
Not impersonating
DeviceMap fffff8a002487200
Owning Process fffffa80037e9940 Image: svchost.exe
Attached Process N/A Image: N/A
Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310)
Context Switch Count 70 IdealProcessor: 0
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0)
Stack Init fffff880151bfdd0 Current fffff880151bf900
Base fffff880151c0000 Limit fffff880151ba000 Call 0
Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Kernel stack not resident.
THREAD fffffa8003812080 Cid 0360.0378 Teb: 000007f6fa7e3000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d3b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15690529 Ticks: 50599 (0:00:13:09.349) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880151c6dd0 Current fffff880151c6760 Base fffff880151c7000 Limit fffff880151c1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800389e080 Cid 0360.0138 Teb: 000007f6fa6be000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80038a07a0 NotificationEvent fffffa80038aa500 SynchronizationEvent fffffa800389e600 NotificationEvent fffffa80038a91a8 NotificationEvent IRP List: fffffa800389cc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 8883 Ticks: 15732245 (2:20:10:24.594) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address fntcache!SystemFontCollectionMonitor::ThreadProc (0x000007fef12a3b00) Stack Init fffff8801549bdd0 Current fffff8801549b180 Base fffff8801549c000 Limit fffff88015496000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa800389fb00 Cid 0360.0144 Teb: 000007f6fa6bc000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa800389fea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737843 Ticks: 3285 (0:00:00:51.246) Context Switch Count 349 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address fntcache!FontCacheServiceInstance::IpcThreadProc (0x000007fef12a48fc) Stack Init fffff88015494dd0 Current fffff88015494750 Base fffff88015495000 Limit fffff8801548f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003d8d7c0 Cid 0360.0658 Teb: 000007f6fa6b8000 Win32Thread: fffff90100691710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800364ee80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15735040 Ticks: 6088 (0:00:01:34.973) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address es!Notifier::NotifyThread::ThreadMain (0x000007fef35a06d0) Stack Init fffff88015e5add0 Current fffff88015e5a900 Base fffff88015e5b000 Limit fffff88015e55000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003e8bb00 Cid 0360.0760 Teb: 000007f6fa6b2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e0ea40 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12613 Ticks: 15728515 (2:20:09:26.406) Context Switch Count 9 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015f9cdd0 Current fffff88015f9c900 Base fffff88015f9d000 Limit fffff88015f97000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea4080 Cid 0360.0774 Teb: 000007f6fa6b0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003df5b50 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12800 Ticks: 15728328 (2:20:09:23.489) Context Switch Count 57 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015fc6dd0 Current fffff88015fc6900 Base fffff88015fc7000 Limit fffff88015fc1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003ec02c0 Cid 0360.07c0 Teb: 000007f6fa6ae000 Win32Thread: fffff901006a3b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80030bf470 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12914 Ticks: 15728214 (2:20:09:21.710) Context Switch Count 58 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!NetProfileManStartStopThread (0x000007feedb96d5c) Stack Init fffff88016022dd0 Current fffff88016022900 Base fffff88016023000 Limit fffff8801601d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ee6b00 Cid 0360.07d8 Teb: 000007f6fa6a8000 Win32Thread: fffff9010069f610 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003eea260 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679963 Ticks: 61165 (0:00:15:54.180) Context Switch Count 586 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::EventMgrThreadProc (0x000007feedb859ec) Stack Init fffff88016029dd0 Current fffff880160295f0 Base fffff8801602a000 Limit fffff88016024000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003f02b00 Cid 0360.0424 Teb: 000007f6fa6a6000 Win32Thread: fffff901006abb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc7ca0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15732248 Ticks: 8880 (0:00:02:18.528) Context Switch Count 364 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::IpHlpEventMgrThreadProc (0x000007feedb86564) Stack Init fffff880160a7dd0 Current fffff880160a7900 Base fffff880160a8000 Limit fffff880160a2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e01080 Cid 0360.0498 Teb: 000007f6fa6a4000 Win32Thread: fffff901006a5290 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003eea150 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679963 Ticks: 61165 (0:00:15:54.180) Context Switch Count 58 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::NetworkEventAggregatorThreadProc (0x000007feedb85f9c) Stack Init fffff880160aedd0 Current fffff880160ae900 Base fffff880160af000 Limit fffff880160a9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003e01700 Cid 0360.04a4 Teb: 000007f6fa6a2000 Win32Thread: fffff901006a5710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f029f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738591 Ticks: 2537 (0:00:00:39.577) Context Switch Count 83 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::FirewallEventMgrThreadProc (0x000007feedb94274) Stack Init fffff880160b5dd0 Current fffff880160b5900 Base fffff880160b6000 Limit fffff880160b0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003f19b00 Cid 0360.0548 Teb: 000007f6fa69c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003ef53f0 NotificationEvent fffffa8003ef5200 SynchronizationTimer Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12800 Ticks: 15728328 (2:20:09:23.489) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address bthserv!BthServAsyncThread (0x000007feeda358dc) Stack Init fffff880160d8dd0 Current fffff880160d8180 Base fffff880160d9000 Limit fffff880160d3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003f4bb00 Cid 0360.04ac Teb: 000007f6fa69e000 Win32Thread: fffff901006ab710 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003f49f60 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679441 Ticks: 61687 (0:00:16:02.323) Context Switch Count 753 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address netprofmsvc!CImplINetworkListManager::EventWorkerThreadProc (0x000007feedb896d0) Stack Init fffff88016164dd0 Current fffff880161645f0 Base fffff88016165000 Limit fffff8801615f000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001d58080 Cid 0360.0ae0 Teb: 000007f6fa6b4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800374e740 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15734670 Ticks: 6458 (0:00:01:40.745) Context Switch Count 36 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address es!TransientSubChecker::CheckerThread::ThreadMain (0x000007fef359f270) Stack Init fffff8801604cdd0 Current fffff8801604c900 Base fffff8801604d000 Limit fffff88016047000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001f2b080 Cid 0360.03c0 Teb: 000007f6fa694000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80039e0bc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679738 Ticks: 61390 (0:00:15:57.690) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161fedd0 Current fffff880161fe760 Base fffff880161ff000 Limit fffff880161f9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800400b080 Cid 0360.0934 Teb: 000007f6fa67e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003868500 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679686 Ticks: 61442 (0:00:15:58.501) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801750edd0 Current fffff8801750e760 Base fffff8801750f000 Limit fffff88017509000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002788740 Cid 0360.029c Teb: 000007f6fa67c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001ddac40 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679735 Ticks: 61393 (0:00:15:57.736) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017109dd0 Current fffff88017109760 Base fffff8801710a000 Limit fffff88017104000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c6c080 Cid 0360.0d30 Teb: 000007f6fa67a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036ed940 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679696 Ticks: 61432 (0:00:15:58.345) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017037dd0 Current fffff88017037760 Base fffff88017038000 Limit fffff88017032000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003f68080 Cid 0360.08c8 Teb: 000007f6fa678000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800180aa00 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679706 Ticks: 61422 (0:00:15:58.189) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880163e4dd0 Current fffff880163e4760 Base fffff880163e5000 Limit fffff880163df000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f20800 Cid 0360.03cc Teb: 000007f6fa676000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003fb1080 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680337 Ticks: 60791 (0:00:15:48.345) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016262dd0 Current fffff88016262760 Base fffff88016263000 Limit fffff8801625d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80038159c0 Cid 0360.0628 Teb: 000007f6fa668000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8004001280 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679738 Ticks: 61390 (0:00:15:57.690) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801544cdd0 Current fffff8801544c760 Base fffff8801544d000 Limit fffff88015447000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003793080 Cid 0360.0ddc Teb: 000007f6fa6ba000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740467 Ticks: 661 (0:00:00:10.311) Context Switch Count 860 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015068dd0 Current fffff88015068760 Base fffff88015069000 Limit fffff88015063000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002156080 Cid 0360.09ac Teb: 000007f6fa7e9000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 70 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170f4dd0 Current fffff880170f4760 Base fffff880170f5000 Limit fffff880170ef000 Call 0 
Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018c29c0 Cid 0360.06a0 Teb: 000007f6fa7e5000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 209 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017394dd0 Current fffff88017394760 Base fffff88017395000 Limit fffff8801738f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80020cab00 Cid 0360.0614 Teb: 000007f6fa7eb000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733831 Ticks: 7297 (0:00:01:53.833) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174ebdd0 Current fffff880174eb760 Base fffff880174ec000 Limit fffff880174e6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80033d8080 Cid 0360.0940 Teb: 000007f6fa7e7000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037d9740 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80037e9940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739290 Ticks: 1838 (0:00:00:28.672) Context Switch Count 246 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801659ddd0 Current fffff8801659d760 Base fffff8801659e000 Limit fffff88016598000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003879940 SessionId: 0 Cid: 03f0 Peb: 7f6fad89000 ParentCid: 0220 DirBase: 3584e000 ObjectTable: fffff8a002669480 HandleCount: Image: svchost.exe VadRoot fffffa8003873c30 Vads 236 Clone 0 Private 9637. Modified 3929. Locked 5. DeviceMap fffff8a00000c340 Token fffff8a00267f060 ElapsedTime 2 Days 20:10:35.467 UserTime 00:00:02.527 KernelTime 00:00:08.970 QuotaPoolUsage[PagedPool] 198216 QuotaPoolUsage[NonPagedPool] 36304 Working Set Sizes (now,min,max) (13295, 50, 345) (53180KB, 200KB, 1380KB) PeakWorkingSetSize 13943 VirtualSize 4220 Mb PeakVirtualSize 4262 Mb PageFaultCount 64474 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 12699 Setting context for this process... .process /p /r fffffa8003879940 !peb PEB at 000007f6fad89000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000006f45b119c0 . 0000006f45c02680 Ldr.InLoadOrderModuleList: 0000006f45b11b20 . 0000006f45c02660 Ldr.InMemoryOrderModuleList: 0000006f45b11b30 . 
0000006f45c02670 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\System32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef2e60000 505a9876 Sep 20 05:15:50 2012 c:\windows\system32\audioendpointbuilder.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 c:\windows\system32\bcrypt.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef25f0000 505a994b Sep 20 05:19:23 2012 c:\windows\system32\MMDevAPI.DLL 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\wtsapi32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\System32\WINSTA.dll 7fef0910000 5063da82 Sep 27 05:48:02 2012 c:\windows\system32\wlansvc.dll 7fef0830000 5063dad6 Sep 27 05:49:26 2012 c:\windows\system32\WLANMSM.DLL 7fef0780000 50108765 Jul 26 00:55:17 2012 c:\windows\system32\OneX.DLL 7fef3da0000 501089ef Jul 26 01:06:07 2012 c:\windows\system32\SYSNTFY.dll 7fef0700000 
5063df0c Sep 27 06:07:24 2012 c:\windows\system32\WLANSEC.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 c:\windows\system32\IPHLPAPI.DLL 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 c:\windows\system32\dhcpcsvc.DLL 7fef0690000 501087e5 Jul 26 00:57:25 2012 c:\windows\system32\eappprxy.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 c:\windows\system32\WINNSI.DLL 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\System32\DPAPI.DLL 7fef07c0000 50108af1 Jul 26 01:10:25 2012 C:\WINDOWS\System32\WMICLNT.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\System32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 C:\WINDOWS\System32\AUTHZ.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\sspicli.dll 7fef0420000 5010887a Jul 26 00:59:54 2012 C:\WINDOWS\SYSTEM32\wlgpclnt.dll 7fef0400000 5010a845 Jul 26 03:15:33 2012 C:\WINDOWS\System32\l2gpstore.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef3790000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\System32\DSROLE.dll 7fef46c0000 501088fe Jul 26 01:02:06 2012 C:\WINDOWS\system32\kerberos.DLL 7fef4790000 50108a04 Jul 26 01:06:28 2012 C:\WINDOWS\System32\cryptdll.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\System32\profapi.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7feef6a0000 5010869b Jul 26 00:51:55 2012 c:\windows\system32\das.dll 7feef460000 5010853e 
Jul 26 00:46:06 2012 c:\windows\system32\pcasvc.dll 7feef420000 50109db5 Jul 26 02:30:29 2012 c:\windows\system32\AEPIC.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 c:\windows\system32\apphelp.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 c:\windows\system32\USERENV.dll 7feeef30000 5010a9de Jul 26 03:22:22 2012 c:\windows\system32\sfc_os.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 c:\windows\system32\VERSION.dll 7feeeee0000 5010859c Jul 26 00:47:40 2012 C:\WINDOWS\system32\dafBth.dll 7feeec50000 5010871d Jul 26 00:54:05 2012 C:\WINDOWS\System32\BluetoothApis.dll 7feeec70000 50108842 Jul 26 00:58:58 2012 c:\windows\system32\trkwks.dll 7feeeca0000 50108220 Jul 26 00:32:48 2012 c:\windows\system32\sysmain.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7feedec0000 5010a974 Jul 26 03:20:36 2012 c:\windows\system32\hidserv.dll 7fef4070000 50108a1d Jul 26 01:06:53 2012 c:\windows\system32\HID.DLL 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef1f00000 5010810c Jul 26 00:28:12 2012 c:\windows\system32\listsvc.dll 7fef0f70000 50108147 Jul 26 00:29:11 2012 C:\WINDOWS\System32\shacct.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\System32\SAMLIB.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\System32\wkscli.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\System32\netutils.dll 7fef1ca0000 505aa4c0 Sep 20 06:08:16 2012 C:\WINDOWS\System32\fhlisten.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\XmlLite.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef1c60000 501098ef Jul 26 02:10:07 2012 C:\WINDOWS\system32\hgprint.dll 7feeb5f0000 501081fa Jul 26 00:32:10 2012 C:\WINDOWS\system32\WINSPOOL.DRV 7feebf30000 50109163 Jul 26 01:37:55 2012 C:\WINDOWS\System32\IdListen.dll 7fef6520000 507635b5 Oct 11 
03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef3820000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\System32\NETAPI32.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\System32\PROPSYS.dll 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\System32\ncrypt.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\WINDOWS\System32\srvcli.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\System32\NTASN1.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\System32\SAMCLI.DLL 7feeb050000 50108a8f Jul 26 01:08:47 2012 C:\WINDOWS\system32\ncryptprov.dll 7feedc00000 5010883e Jul 26 00:58:54 2012 c:\windows\system32\wdi.dll 7feedc30000 50108908 Jul 26 01:02:16 2012 C:\WINDOWS\system32\pcadm.dll 7feed650000 501081cc Jul 26 00:31:24 2012 C:\WINDOWS\System32\wer.dll 7feedc20000 5010a948 Jul 26 03:19:52 2012 C:\WINDOWS\System32\pcacli.dll 7feefcc0000 50108aeb Jul 26 01:10:19 2012 C:\WINDOWS\System32\MPR.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\Windows\System32\iertutil.dll 7fef2b40000 50108183 Jul 26 00:30:11 2012 C:\WINDOWS\system32\ntshrui.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll 7feefc50000 5010a84b Jul 26 03:15:39 2012 C:\WINDOWS\System32\LINKINFO.dll 7feed800000 5010a7dd Jul 26 03:13:49 2012 C:\WINDOWS\System32\drprov.dll 7feed610000 5010899a Jul 26 01:04:42 2012 C:\WINDOWS\System32\ntlanman.dll 7feed5f0000 50109f75 Jul 26 02:37:57 2012 C:\WINDOWS\System32\davclnt.dll 7feed5e0000 5010a9ce Jul 26 03:22:06 2012 C:\WINDOWS\System32\DAVHLPR.dll 7feec150000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\System32\cscapi.dll SubSystemData: 0000000000000000 ProcessHeap: 0000006f45b10000 ProcessParameters: 0000006f45b11170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\System32\svchost.exe' ImageFile: 'C:\WINDOWS\System32\svchost.exe' CommandLine: 'C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted' DllPath: 
'< Name not readable >' Environment: 0000006f45b10860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa80038999c0 Cid 03f0.03f4 Teb: 000007f6fad8e000 Win32Thread: fffff90100665710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800389a8e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 234 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88015471dd0 Current fffff88015471900 Base fffff88015472000 Limit fffff8801546c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80038adb00 Cid 03f0.018c Teb: 000007f6fad87000 Win32Thread: 0000000000000000 
WAIT: (WrQueue) UserMode Non-Alertable fffffa800388ab80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 8985 Ticks: 15732143 (2:20:10:23.003) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address audioendpointbuilder!EventWorkerThread (0x000007fef2e7b224) Stack Init fffff8801543edd0 Current fffff8801543e7a0 Base fffff8801543f000 Limit fffff88015439000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038acb00 Cid 03f0.021c Teb: 000007f6fac5e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038be640 QueueObject IRP List: fffffa8001ca9c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736102 Ticks: 5026 (0:00:01:18.406) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880154c5dd0 Current fffff880154c5760 Base fffff880154c6000 Limit fffff880154c0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80038ca080 Cid 03f0.014c Teb: 000007f6fad85000 Win32Thread: fffff901006a5b90 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject IRP List: fffffa8003735810: (0006,03e8) Flags: 00060800 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736541 Ticks: 4587 (0:00:01:11.557) Context Switch Count 797 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880154bedd0 Current 
fffff880154be760 Base fffff880154bf000 Limit fffff880154b9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003965b00 Cid 03f0.0380 Teb: 000007f6fac5c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003950d30 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9544 Ticks: 15731584 (2:20:10:14.283) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8801553bdd0 Current fffff8801553b900 Base fffff8801553c000 Limit fffff88015536000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800397e080 Cid 03f0.022c Teb: 000007f6fac58000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003951970 SynchronizationEvent fffffa8003921600 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9559 Ticks: 15731569 (2:20:10:14.049) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlgpclnt!MainGPAProc (0x000007fef0425d98) Stack Init fffff88015581dd0 Current fffff88015581180 Base fffff88015582000 Limit fffff8801557c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003984b00 Cid 03f0.0410 Teb: 000007f6fac54000 Win32Thread: fffff901006f4b90 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 1324 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155abdd0 Current fffff880155ab760 Base fffff880155ac000 Limit fffff880155a6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003918800 Cid 03f0.042c Teb: 000007f6fac50000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003943060 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 9690 Ticks: 15731438 (2:20:10:12.005) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff880155cedd0 Current fffff880155ce900 Base fffff880155cf000 Limit fffff880155c9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80039aa080 Cid 03f0.0590 Teb: 000007f6fac56000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ba55d0 NotificationEvent fffffa800181aa50 NotificationEvent fffffa8003dbcfe0 NotificationEvent fffffa8003bf5190 SynchronizationTimer fffffa80018106e0 SynchronizationEvent fffffa8003f98600 SynchronizationEvent fffffa8001837060 SynchronizationEvent fffffa800184ea70 SynchronizationEvent fffffa8003f747e0 SynchronizationEvent fffffa80040693e0 NotificationEvent Impersonation token: fffff8a0027cf060 (Level Impersonation) Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741043 Ticks: 85 (0:00:00:01.326) Context Switch Count 10373 IdealProcessor: 0 UserTime 00:00:12.604 KernelTime 00:00:05.553 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014fdbdd0 Current fffff88014fdb180 Base fffff88014fdc000 Limit fffff88014fd6000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80039b1080 Cid 03f0.05a4 Teb: 000007f6fac48000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800399a8c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10746 Ticks: 15730382 (2:20:09:55.531) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014fe9dd0 Current fffff88014fe9760 Base fffff88014fea000 Limit fffff88014fe4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80039a7a00 Cid 03f0.05a8 Teb: 000007f6fac46000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039a5fe0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10745 Ticks: 15730383 (2:20:09:55.547) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pcasvc!UfhpShortcutListenerThread (0x000007feef47ba00) Stack Init fffff88014fe2dd0 Current fffff88014fe2900 Base fffff88014fe3000 Limit fffff88014fdd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003ea3b00 Cid 03f0.077c Teb: 000007f6fac4c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ea6b00 Thread Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12544 Ticks: 15728584 (2:20:09:27.482) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015fcddd0 Current fffff88015fcd900 Base fffff88015fce000 Limit fffff88015fc8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003ea6b00 Cid 03f0.078c Teb: 000007f6fac44000 Win32Thread: fffff901006953a0 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003e1b340 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680787 Ticks: 60341 (0:00:15:41.325) Context Switch Count 111 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidServMain (0x000007feedec1d44) Stack Init fffff88015fb1dd0 Current fffff88015fb15f0 Base fffff88015fb2000 Limit fffff88015fac000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003eac440 Cid 03f0.0794 Teb: 000007f6fac40000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003683360 NotificationEvent fffffa8003e3ac70 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12544 Ticks: 15728584 (2:20:09:27.482) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidThreadInputProc (0x000007feedec22c4) Stack Init fffff88015fe2dd0 Current fffff88015fe2180 Base fffff88015fe3000 Limit fffff88015fdd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003f935c0 Cid 03f0.0788 Teb: 000007f6fac4e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800394a700 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 14894 Ticks: 15726234 (2:20:08:50.822) Context Switch Count 67 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015fa3dd0 Current fffff88015fa3900 Base fffff88015fa4000 Limit fffff88015f9e000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80027b9080 Cid 03f0.090c Teb: 000007f6fac32000 Win32Thread: fffff901006a7b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80027835e0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681099 Ticks: 60029 (0:00:15:36.458) Context Switch Count 21 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016357dd0 Current fffff88016357900 Base fffff88016358000 Limit fffff88016352000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003ef2b00 Cid 03f0.09b4 Teb: 000007f6fac2e000 Win32Thread: fffff901001ea820 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040e4c70 NotificationEvent fffffa8003f918f0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681386 Ticks: 59742 (0:00:15:31.981) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016270dd0 Current fffff88016270180 Base fffff88016271000 Limit fffff8801626b000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038e9b00 Cid 03f0.09b8 Teb: 000007f6fac2c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f91360 NotificationEvent fffffa8003e0fc60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681388 Ticks: 59740 (0:00:15:31.949) Context Switch Count 369 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016277dd0 Current fffff88016277180 Base fffff88016278000 Limit fffff88016272000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003e8cb00 Cid 03f0.09bc Teb: 000007f6fac2a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f5fe60 NotificationEvent fffffa8003f47d60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681387 Ticks: 59741 (0:00:15:31.965) Context Switch Count 377 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801605add0 Current fffff8801605a180 Base fffff8801605b000 Limit fffff88016055000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80027c1080 Cid 03f0.09c0 Teb: 000007f6fac28000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f30650 NotificationEvent fffffa8003e0ce90 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681390 Ticks: 59738 (0:00:15:31.918) Context Switch Count 1348 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88016269dd0 Current fffff88016269180 Base fffff8801626a000 Limit fffff88016264000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8004080740 Cid 03f0.09c4 Teb: 000007f6fac26000 Win32Thread: fffff9010069bb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e0cf10 NotificationEvent fffffa8003f951b0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681386 Ticks: 59742 (0:00:15:31.981) Context Switch Count 280 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88003194dd0 Current fffff88003194180 Base fffff88003195000 Limit fffff8800318f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e9ab00 Cid 03f0.09c8 Teb: 000007f6fac24000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f95400 NotificationEvent fffffa80040181d0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681882 Ticks: 59246 (0:00:15:24.243) Context Switch Count 837 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880162eedd0 Current fffff880162ee180 Base fffff880162ef000 Limit fffff880162e9000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003dc4340 Cid 03f0.09d0 Teb: 000007f6fac22000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f3b300 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 14909 Ticks: 15726219 (2:20:08:50.588) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88002f47dd0 Current fffff88002f47760 Base fffff88002f48000 Limit fffff88002f42000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002da3b00 Cid 03f0.05b8 Teb: 000007f6fac5a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80038ce440 SynchronizationEvent fffffa80024c5ee0 SynchronizationEvent fffffa800268b680 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 22773 Ticks: 15718355 (2:20:06:47.909) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IdListen!CProviderWatcher::ThreadProc (0x000007feebf42b68) Stack Init fffff880154efdd0 Current fffff880154ef180 Base fffff880154f0000 Limit fffff880154ea000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002e5ab00 Cid 03f0.0970 Teb: 000007f6fad8c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800306d620 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 20972 Ticks: 15720156 (2:20:07:16.005) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88015f25dd0 Current fffff88015f25900 Base fffff88015f26000 Limit fffff88015f20000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800414f080 Cid 03f0.0878 Teb: 000007f6fac34000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e0a900 SynchronizationEvent fffffa800413f5a0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740542 Ticks: 586 (0:00:00:09.141) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017180dd0 Current fffff88017180180 Base fffff88017181000 Limit fffff8801717b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018d0b00 Cid 03f0.0c98 Teb: 000007f6fac1e000 Win32Thread: fffff901006fbb90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003fc1910 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 31963 Ticks: 15709165 (2:20:04:24.544) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 
shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801711edd0 Current fffff8801711e5f0 Base fffff8801711f000 Limit fffff88017119000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001ff0080 Cid 03f0.0f00 Teb: 000007f6fad83000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject IRP List: fffffa8001f542c0: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 1122 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160fbdd0 Current fffff880160fb760 Base fffff880160fc000 Limit fffff880160f6000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800260da00 Cid 03f0.0da0 Teb: 000007f6fac3c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001822160 NotificationEvent fffffa8003648c60 SynchronizationEvent IRP List: fffffa80038d3b40: (0006,04c0) Flags: 00060900 Mdl: fffffa80038204b0 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679030 Ticks: 62098 (0:00:16:08.735) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidThreadProc (0x000007feedec25b4) Stack Init fffff8801630add0 Current fffff8801630a180 Base fffff8801630b000 Limit fffff88016305000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80037dd700 Cid 03f0.0d48 Teb: 000007f6fac3a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800306a2b0 NotificationEvent fffffa8003e59ba0 SynchronizationEvent IRP List: fffffa8001fbe9f0: (0006,03e8) Flags: 00060900 Mdl: fffffa8003022330 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679030 Ticks: 62098 (0:00:16:08.735) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidThreadProc (0x000007feedec25b4) Stack Init fffff880155c7dd0 Current fffff880155c7180 Base fffff880155c8000 Limit fffff880155c2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b02540 Cid 03f0.0ac4 Teb: 000007f6fac38000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8004129190 NotificationEvent fffffa800183e8e0 SynchronizationEvent IRP List: fffffa800413d9e0: (0006,03e8) Flags: 00060900 Mdl: fffffa8003250690 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679030 Ticks: 62098 (0:00:16:08.735) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address hidserv!HidThreadProc (0x000007feedec25b4) Stack Init fffff8801635edd0 Current fffff8801635e180 Base fffff8801635f000 Limit fffff88016359000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80036ca9c0 Cid 03f0.0e58 Teb: 000007f6fac4a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002f073f0 NotificationEvent fffffa8003e70460 NotificationEvent fffffa8001cd5720 NotificationEvent fffffa800262ab60 NotificationEvent fffffa80039b6180 NotificationEvent fffffa80027e1410 NotificationEvent fffffa8003b69c80 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pcasvc!PcapArpMonitorThread (0x000007feef479820) Stack Init fffff88014ecadd0 Current fffff88014eca180 Base fffff88014ecb000 Limit fffff88014ec5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003d9b080 Cid 03f0.0580 Teb: 000007f6fac52000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003862800 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003879940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 270 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174cbdd0 Current fffff880174cb760 Base fffff880174cc000 Limit fffff880174c6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa800392c540 SessionId: 0 Cid: 03b8 Peb: 7f6fb68f000 ParentCid: 0220 DirBase: 2fe18000 ObjectTable: fffff8a00277ad80 HandleCount: Image: svchost.exe VadRoot fffffa8003b97790 Vads 231 Clone 0 Private 1237. Modified 376. Locked 0. 
DeviceMap fffff8a0007b8aa0 Token fffff8a0021e8060 ElapsedTime 2 Days 20:10:29.071 UserTime 00:00:00.265 KernelTime 00:00:00.702 QuotaPoolUsage[PagedPool] 124440 QuotaPoolUsage[NonPagedPool] 35296 Working Set Sizes (now,min,max) (3221, 50, 345) (12884KB, 200KB, 1380KB) PeakWorkingSetSize 3308 VirtualSize 1358 Mb PeakVirtualSize 1614 Mb PageFaultCount 6706 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2353 Setting context for this process... .process /p /r fffffa800392c540 !peb PEB at 000007f6fb68f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000c2343c1a20 . 000000c276c99a20 Ldr.InLoadOrderModuleList: 000000c2343c1b80 . 000000c276c99d60 Ldr.InMemoryOrderModuleList: 000000c2343c1b90 . 000000c276c99d70 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef0b30000 505a9bd3 Sep 20 05:30:11 2012 c:\windows\system32\dnsrslvr.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 
c:\windows\system32\DNSAPI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 c:\windows\system32\WINNSI.DLL 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\SYSTEM32\Fwpuclnt.dll 7fef06d0000 501089ef Jul 26 01:06:07 2012 C:\WINDOWS\System32\dnsext.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\USERENV.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\iphlpapi.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL 7feef730000 50108807 Jul 26 00:57:59 2012 c:\windows\system32\wkssvc.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 c:\windows\system32\netutils.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7feef700000 501089c3 Jul 26 01:05:23 2012 c:\windows\system32\cryptsvc.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7feef600000 505a9748 Sep 20 05:10:48 2012 c:\windows\system32\nlasvc.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 c:\windows\system32\wevtapi.dll 7feef590000 505ab116 Sep 20 07:00:54 2012 c:\windows\system32\ncsi.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 c:\windows\system32\WINHTTP.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\system32\wkscli.dll 7fef47e0000 50108985 Jul 26 01:04:21 2012 C:\WINDOWS\SYSTEM32\netjoin.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7feef440000 50108778 Jul 26 00:55:36 2012 
C:\Windows\System32\cryptcatsvc.dll 7feefad0000 505a9581 Sep 20 05:03:13 2012 C:\WINDOWS\system32\VSSAPI.DLL 7feefab0000 505a99e6 Sep 20 05:21:58 2012 C:\WINDOWS\system32\VssTrace.DLL 7fef3790000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\DSROLE.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 C:\WINDOWS\system32\ESENT.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7feeef00000 5010a92b Jul 26 03:19:23 2012 C:\WINDOWS\system32\ssdpapi.dll 7fef07c0000 50108af1 Jul 26 01:10:25 2012 C:\WINDOWS\system32\WMICLNT.dll 7fef03b0000 5063dc6b Sep 27 05:56:11 2012 C:\WINDOWS\system32\WlanApi.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\system32\samcli.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\system32\SAMLIB.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef3570000 50108647 Jul 26 00:50:31 2012 C:\WINDOWS\system32\es.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\PROPSYS.dll 7feeab50000 50108a14 Jul 26 01:06:44 2012 C:\WINDOWS\system32\CRYPTNET.dll 7fef7d00000 50108a30 Jul 26 01:07:12 2012 C:\WINDOWS\system32\WLDAP32.dll 7feebfe0000 505a992d Sep 20 05:18:53 2012 C:\WINDOWS\system32\webio.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7feec170000 501089f6 Jul 26 01:06:14 2012 C:\WINDOWS\system32\Cabinet.dll 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\system32\ncrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\system32\NTASN1.dll SubSystemData: 0000000000000000 ProcessHeap: 000000c2343c0000 ProcessParameters: 000000c2343c11f0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\svchost.exe' ImageFile: 
'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k NetworkService' DllPath: '< Name not readable >' Environment: 000000c2343c0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\NetworkService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\Windows\ServiceProfiles\NetworkService windir=C:\WINDOWS THREAD fffffa800391a700 Cid 03b8.027c Teb: 000007f6fb68d000 Win32Thread: fffff90100671710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003931f50 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 185 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88015527dd0 Current fffff88015527900 Base fffff88015528000 Limit fffff88015522000 Call 0 
Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800395b080 Cid 03b8.0264 Teb: 000007f6fb685000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039278c0 NotificationEvent fffffa800372eb58 NotificationEvent fffffa800391e4e0 SynchronizationEvent fffffa80038b04b0 SynchronizationEvent IRP List: fffffa8003938840: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740650 Ticks: 478 (0:00:00:07.456) Context Switch Count 18 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dnsrslvr!NotifyThread (0x000007fef0b338fc) Stack Init fffff880154dadd0 Current fffff880154da180 Base fffff880154db000 Limit fffff880154d5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800396a080 Cid 03b8.02ac Teb: 000007f6fb683000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003963650 NotificationEvent fffffa80039278c0 NotificationEvent IRP List: fffffa800360cc10: (0006,01f0) Flags: 00060030 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15681374 Ticks: 59754 (0:00:15:32.168) Context Switch Count 196 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dnsrslvr!Ip_NotifyThread (0x000007fef0b34d90) Stack Init fffff880154fddd0 Current fffff880154fd180 Base fffff880154fe000 Limit fffff880154f8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003963080 Cid 03b8.0274 Teb: 000007f6fb55e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393a0c0 NotificationEvent fffffa8003858f60 NotificationEvent fffffa8003858fe0 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679521 Ticks: 61607 (0:00:16:01.075) Context Switch Count 1728 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.062 Win32 Start Address dnsrslvr!Mcast_Thread (0x000007fef0b35720) Stack Init fffff88015565dd0 Current fffff88015565180 Base fffff88015566000 Limit fffff88015560000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800396ab00 Cid 03b8.03e8 Teb: 000007f6fb55c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003963e10 SynchronizationEvent fffffa800396a630 SynchronizationEvent fffffa80039636d0 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679799 Ticks: 61329 (0:00:15:56.738) Context Switch Count 1551 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address dnsrslvr!ProcessIpChangeNotificationRequestThread (0x000007fef0b3517c) Stack Init fffff8801556cdd0 Current fffff8801556c180 Base fffff8801556d000 Limit fffff88015567000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80030ae4c0 Cid 03b8.0534 Teb: 000007f6fb552000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa800308c800 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10599 Ticks: 15730529 (2:20:09:57.825) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wkssvc!StartIOProcessing (0x000007feef737a10) Stack Init fffff88014f48dd0 Current fffff88014f487a0 Base fffff88014f49000 Limit fffff88014f43000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b1eb00 Cid 03b8.0540 Teb: 000007f6fb550000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800308c200 QueueObject IRP List: fffffa8001fd9010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001d28010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003046010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003ddec10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736475 Ticks: 4653 (0:00:01:12.587) Context Switch Count 89 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f56dd0 Current fffff88014f56760 Base fffff88014f57000 Limit fffff88014f51000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003b64080 Cid 03b8.05ac Teb: 000007f6fb554000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039a43e0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11019 Ticks: 15730109 
(2:20:09:51.273) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88014ff0dd0 Current fffff88014ff0900 Base fffff88014ff1000 Limit fffff88014feb000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b92980 Cid 03b8.05b0 Teb: 000007f6fb548000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003b78c40 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10790 Ticks: 15730338 (2:20:09:54.845) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88014ff7dd0 Current fffff88014ff77a0 Base fffff88014ff8000 Limit fffff88014ff2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003bbeb00 Cid 03b8.05fc Teb: 000007f6fb546000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bbbc70 SynchronizationEvent fffffa8003ba72a0 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736071 Ticks: 5057 (0:00:01:18.889) Context Switch Count 11454 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.187 Win32 Start Address nlasvc!QueueMonitor (0x000007feef60adf0) Stack Init fffff88014fbfdd0 Current fffff88014fbf180 Base fffff88014fc0000 Limit fffff88014fba000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003be8080 Cid 03b8.060c Teb: 000007f6fb540000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741031 Ticks: 97 (0:00:00:01.513) Context Switch Count 11308 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.187 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e06dd0 Current fffff88015e06760 Base fffff88015e07000 Limit fffff88015e01000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003d9ba80 Cid 03b8.064c Teb: 000007f6fb53a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003d8dfe0 SynchronizationEvent fffffa8003675c80 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 11379 Ticks: 15729749 (2:20:09:45.657) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e45dd0 
Current fffff88015e45180 Base fffff88015e46000 Limit fffff88015e40000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e13700 Cid 03b8.06bc Teb: 000007f6fb538000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8003e13aa8 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a00218c030 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13514 Ticks: 15727614 (2:20:09:12.350) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ssdpapi!GetNotificationLoop (0x000007feeef05c38) Stack Init fffff8801619cdd0 Current fffff8801619c660 Base fffff8801619d000 Limit fffff88016197000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003e94b00 Cid 03b8.0ee0 Teb: 000007f6fb558000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject IRP List: fffffa800404faa0: (0006,0118) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738611 Ticks: 2517 (0:00:00:39.265) Context Switch Count 4783 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.078 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ec3dd0 Current fffff88015ec3760 Base fffff88015ec4000 Limit fffff88015ebe000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003dcf940 Cid 03b8.0ec0 Teb: 000007f6fb556000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject IRP List: fffffa8003f9f730: (0006,0118) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736646 Ticks: 4482 (0:00:01:09.919) Context Switch Count 1442 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ee6dd0 Current fffff88015ee6760 Base fffff88015ee7000 Limit fffff88015ee1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001d7e080 Cid 03b8.0e10 Teb: 000007f6fb544000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject IRP List: fffffa8002142120: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736067 Ticks: 5061 (0:00:01:18.952) Context Switch Count 4965 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 
00:00:00.078 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016205dd0 Current fffff88016205760 Base fffff88016206000 Limit fffff88016200000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80037f5780 Cid 03b8.0cd4 Teb: 000007f6fb542000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f7b060 NotificationEvent fffffa80027a8780 NotificationEvent fffffa8003f762e0 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679467 Ticks: 61661 (0:00:16:01.917) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dnsrslvr!Responder_Thread (0x000007fef0b35850) Stack Init fffff880164afdd0 Current fffff880164af180 Base fffff880164b0000 Limit fffff880164aa000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cc5080 Cid 03b8.0eb4 Teb: 000007f6fb689000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003919780 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa800392c540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738862 Ticks: 2266 (0:00:00:35.349) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015180dd0 Current fffff88015180760 Base fffff88015181000 Limit fffff8801517b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003b50480 SessionId: 0 Cid: 04c8 Peb: 7f7cf335000 ParentCid: 0220 DirBase: 3b055000 ObjectTable: fffff8a001f01980 HandleCount: Image: spoolsv.exe VadRoot fffffa8003b55d20 Vads 141 Clone 0 Private 657. Modified 10968. Locked 0. 
DeviceMap fffff8a00000c340 Token fffff8a002237060 ElapsedTime 2 Days 20:10:12.612 UserTime 00:00:05.288 KernelTime 00:00:00.670 QuotaPoolUsage[PagedPool] 158112 QuotaPoolUsage[NonPagedPool] 19120 Working Set Sizes (now,min,max) (2749, 50, 345) (10996KB, 200KB, 1380KB) PeakWorkingSetSize 3288 VirtualSize 74 Mb PeakVirtualSize 87 Mb PageFaultCount 9171 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1046 Setting context for this process... .process /p /r fffffa8003b50480 !peb PEB at 000007f7cf335000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f7cfb80000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000000000761980 . 00000000007c8120 Ldr.InLoadOrderModuleList: 0000000000761ae0 . 00000000007c8100 Ldr.InMemoryOrderModuleList: 0000000000761af0 . 00000000007c8110 Base TimeStamp Module 7f7cfb80000 501080ef Jul 26 00:27:43 2012 C:\WINDOWS\System32\spoolsv.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\System32\DNSAPI.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.dll 7fef4bd0000 
50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\sspicli.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\System32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\System32\WINNSI.DLL 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7feeabc0000 50108063 Jul 26 00:25:23 2012 C:\WINDOWS\System32\localspl.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\WINDOWS\System32\srvcli.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\System32\CRYPTSP.dll 7feeaba0000 5010a9bf Jul 26 03:21:51 2012 C:\WINDOWS\System32\SPOOLSS.DLL 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7feeb5f0000 501081fa Jul 26 00:32:10 2012 C:\WINDOWS\system32\winspool.drv 7feeab80000 50108216 Jul 26 00:32:38 2012 C:\WINDOWS\System32\PrintIsolationProxy.dll 7feed230000 5010a402 Jul 26 02:57:22 2012 C:\WINDOWS\System32\FXSMON.DLL 7feeab10000 50108202 Jul 26 00:32:18 2012 C:\WINDOWS\System32\tcpmon.dll 7feec230000 50108a1b Jul 26 01:06:51 2012 C:\WINDOWS\System32\snmpapi.dll 7feeaaf0000 5010a97d Jul 26 03:20:45 2012 C:\WINDOWS\System32\wsnmp32.dll 7feeaab0000 5010a375 Jul 26 02:55:01 2012 C:\WINDOWS\System32\usbmon.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7feeaa60000 50108353 Jul 26 00:37:55 2012 
C:\WINDOWS\System32\WSDMon.dll 7feed4f0000 50108576 Jul 26 00:47:02 2012 C:\WINDOWS\System32\wsdapi.dll 7feed3a0000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\System32\webservices.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\System32\FirewallAPI.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7feec260000 5010879e Jul 26 00:56:14 2012 C:\Windows\System32\FunDisc.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\XmlLite.dll 7feeaa40000 501086cb Jul 26 00:52:43 2012 C:\Windows\System32\fdPnp.dll 7fef3800000 5010a3e0 Jul 26 02:56:48 2012 C:\Windows\System32\ATL.DLL 7feea990000 505ab098 Sep 20 06:58:48 2012 C:\WINDOWS\System32\drvstore.dll 7feebf70000 50108915 Jul 26 01:02:29 2012 C:\WINDOWS\system32\spool\PRTPROCS\x64\winprint.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\USERENV.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\System32\profapi.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\WINDOWS\System32\VERSION.dll 7fef3790000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\System32\DSROLE.dll 7feea8d0000 5010804f Jul 26 00:25:03 2012 C:\WINDOWS\System32\win32spl.dll 7feea870000 50109f66 Jul 26 02:37:42 2012 C:\WINDOWS\System32\inetpp.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\System32\WINSTA.dll 7feebf20000 5010ac3d Jul 26 03:32:29 2012 C:\WINDOWS\System32\sfc.dll 7feeef30000 5010a9de Jul 26 03:22:22 2012 C:\WINDOWS\System32\sfc_os.DLL 7fef40c0000 501089e6 Jul 26 01:05:58 2012 C:\WINDOWS\System32\DEVRTL.dll 7fef48a0000 5010a9b5 Jul 26 03:21:41 2012 C:\WINDOWS\System32\SPINF.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7feedc40000 5010a97d Jul 26 
03:20:45 2012 C:\WINDOWS\System32\SPFILEQ.dll 7feece60000 505aa512 Sep 20 06:09:38 2012 C:\WINDOWS\System32\DriverStore\FileRepository\prnms003.inf_amd64_f4cd66319c03270a\Amd64\PrintConfig.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7feecb00000 5010a1fe Jul 26 02:48:46 2012 C:\WINDOWS\SYSTEM32\prntvpt.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\System32\SHCORE.dll 7feec170000 501089f6 Jul 26 01:06:14 2012 C:\WINDOWS\System32\Cabinet.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7feecbc0000 505aa512 Sep 20 06:09:38 2012 C:\WINDOWS\system32\spool\DRIVERS\x64\3\PrintConfig.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7feec150000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\System32\cscapi.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\System32\netutils.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\System32\WTSAPI32.dll SubSystemData: 0000000000000000 ProcessHeap: 0000000000760000 ProcessParameters: 0000000000761170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\System32\spoolsv.exe' ImageFile: 'C:\WINDOWS\System32\spoolsv.exe' CommandLine: 'C:\WINDOWS\System32\spoolsv.exe' DllPath: '< Name not readable >' Environment: 0000000000760860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC 
PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8003031800 Cid 04c8.04cc Teb: 000007f7cf33e000 Win32Thread: fffff90100679b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003037340 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address spoolsv!mainCRTStartup (0x000007f7cfbce6e0) Stack Init fffff88014ea7dd0 Current fffff88014ea7900 Base fffff88014ea8000 Limit fffff88014ea2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003056b00 Cid 04c8.04d8 Teb: 000007f7cf338000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b55c60 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 10343 Ticks: 15730785 (2:20:10:01.818) Context Switch Count 51 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014ebcdd0 Current fffff88014ebc900 Base fffff88014ebd000 Limit fffff88014eb7000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800305d5c0 Cid 04c8.04e0 Teb: 000007f7cf333000 Win32Thread: fffff901006d9710 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039f84c0 SynchronizationEvent fffffa800399ab00 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18582 Ticks: 15722546 (2:20:07:53.289) Context Switch Count 172 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.078 Win32 Start Address spoolsv!PreInitializeRouter (0x000007f7cfbc4e00) Stack Init fffff88014ec3dd0 Current fffff88014ec3180 Base fffff88014ec4000 Limit fffff88014ebe000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa800269c700 Cid 04c8.0b34 Teb: 000007f7cf20e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001892de0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18364 Ticks: 15722764 (2:20:07:56.690) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address FunDisc!CNotificationQueue::ThreadProc (0x000007feec2654c0) Stack Init fffff88015512dd0 Current fffff88015512900 Base fffff88015513000 Limit fffff8801550d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002692080 Cid 04c8.0b4c Teb: 000007f7cf20c000 Win32Thread: fffff901006d9290 WAIT: (UserRequest) UserMode Non-Alertable fffffa800399ab80 SynchronizationEvent fffffa80039a16a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 15693645 Ticks: 47483 (0:00:12:20.739) Context Switch Count 188 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address fdPnp!CPnpProvider::ListenerThread (0x000007feeaa430ec) Stack Init fffff8801516bdd0 Current fffff8801516b180 Base fffff8801516c000 Limit fffff88015166000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002772080 Cid 04c8.0b54 Teb: 000007f7cf208000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800371d320 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18614 Ticks: 15722514 (2:20:07:52.790) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address PrintIsolationProxy!sandbox::ModuleManager::DelayUnloadWorkerThread (0x000007feeab85798) Stack Init fffff88003da1dd0 Current fffff88003da1900 Base fffff88003da2000 Limit fffff88003d9c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002767400 Cid 04c8.0b58 Teb: 000007f7cf206000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002f29850 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 19667 Ticks: 15721461 (2:20:07:36.363) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address localspl!SchedulerThread (0x000007feeabce168) Stack Init fffff880160f4dd0 Current fffff880160f4900 Base fffff880160f5000 Limit fffff880160ef000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa800276f080 Cid 04c8.0b7c Teb: 000007f7cf1fe000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038e98c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 18481 Ticks: 15722647 (2:20:07:54.865) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015534dd0 Current fffff88015534760 Base fffff88015535000 Limit fffff8801552f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002683080 Cid 04c8.05d8 Teb: 000007f7cf204000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80038c6a40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 21055 Ticks: 15720073 (2:20:07:14.710) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155b9dd0 Current fffff880155b9760 Base fffff880155ba000 Limit fffff880155b4000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002d65b00 Cid 04c8.0b10 Teb: 000007f7cf33c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003046d80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8003b50480 Image: spoolsv.exe Attached Process N/A Image: N/A Wait Start TickCount 15728134 Ticks: 12994 (0:00:03:22.707) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173e2dd0 Current fffff880173e2760 Base fffff880173e3000 Limit fffff880173dd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa800305c740 SessionId: 0 Cid: 04e4 Peb: 7f6fb17c000 ParentCid: 0220 DirBase: 3b3c6000 ObjectTable: fffff8a007e52800 HandleCount: Image: svchost.exe VadRoot fffffa8003b6bb00 Vads 169 Clone 0 Private 2473. Modified 1706. Locked 0. DeviceMap fffff8a002487200 Token fffff8a007e5f060 ElapsedTime 2 Days 20:10:12.144 UserTime 00:00:01.310 KernelTime 00:00:00.374 QuotaPoolUsage[PagedPool] 128712 QuotaPoolUsage[NonPagedPool] 38640 Working Set Sizes (now,min,max) (4814, 50, 345) (19256KB, 200KB, 1380KB) PeakWorkingSetSize 17972 VirtualSize 95 Mb PeakVirtualSize 1155 Mb PageFaultCount 53486 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 4281 Setting context for this process... .process /p /r fffffa800305c740 !peb PEB at 000007f6fb17c000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000006f51081a40 . 0000006f529aa120 Ldr.InLoadOrderModuleList: 0000006f51081ba0 . 0000006f529aa100 Ldr.InMemoryOrderModuleList: 0000006f51081bb0 . 
0000006f529aa110 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7feef860000 501088a9 Jul 26 01:00:41 2012 c:\windows\system32\bfe.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 c:\windows\system32\AUTHZ.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 c:\windows\system32\DNSAPI.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 C:\WINDOWS\SYSTEM32\wevtapi.dll 7fef4080000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\system32\pcwum.dll 7feef770000 501083d2 Jul 26 00:40:02 2012 c:\windows\system32\mpssvc.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 c:\windows\system32\FirewallAPI.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 c:\windows\system32\fwpuclnt.dll 7feef720000 501089e9 Jul 26 01:06:01 2012 C:\WINDOWS\system32\adhapi.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 
2012 C:\WINDOWS\system32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7feef660000 50108836 Jul 26 00:58:46 2012 c:\windows\system32\dps.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef3320000 50108655 Jul 26 00:50:45 2012 C:\Windows\System32\taskschd.dll 7feeef20000 50108938 Jul 26 01:03:04 2012 C:\WINDOWS\system32\wfapigp.dll 7feeeb70000 50107f98 Jul 26 00:22:00 2012 C:\WINDOWS\SYSTEM32\mrmcorer.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\system32\Bcp47Langs.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\system32\ntmarta.dll 7feedc00000 5010883e Jul 26 00:58:54 2012 C:\WINDOWS\system32\wdi.dll 7feed8c0000 50109756 Jul 26 02:03:18 2012 C:\WINDOWS\system32\diagperf.dll 7feed8b0000 5010a852 Jul 26 03:15:46 2012 C:\WINDOWS\system32\pnpts.dll 7feed6c0000 501087d4 Jul 26 00:57:08 2012 C:\WINDOWS\System32\srumsvc.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 C:\WINDOWS\system32\ESENT.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 
C:\WINDOWS\system32\CRYPTSP.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7feebc40000 5010a625 Jul 26 03:06:29 2012 C:\WINDOWS\system32\wdiasqmmodule.dll 7feebc20000 5010883c Jul 26 00:58:52 2012 C:\WINDOWS\System32\nduprov.dll 7feebc10000 50108838 Jul 26 00:58:48 2012 C:\WINDOWS\System32\wpnsruprov.dll 7feebc00000 501089b3 Jul 26 01:05:07 2012 C:\WINDOWS\System32\appsruprov.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7feebbf0000 50108984 Jul 26 01:04:20 2012 C:\WINDOWS\System32\energyprov.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7feebbe0000 501089d1 Jul 26 01:05:37 2012 C:\WINDOWS\system32\SrumAPI.dll 7feed640000 5010a15c Jul 26 02:46:04 2012 C:\WINDOWS\system32\dtsh.dll 7fef0010000 5010a84c Jul 26 03:15:40 2012 C:\WINDOWS\system32\radardt.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\WINDOWS\system32\VERSION.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef3780000 501089a5 Jul 26 01:04:53 2012 C:\WINDOWS\system32\pots.dll 7fef3690000 50108798 Jul 26 00:56:08 2012 C:\WINDOWS\system32\tdh.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll SubSystemData: 0000000000000000 ProcessHeap: 0000006f51080000 ProcessParameters: 0000006f51081200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork' DllPath: '< Name not readable >' Environment: 0000006f51080860 ALLUSERSPROFILE=C:\ProgramData 
APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa8003007700 Cid 04e4.04e8 Teb: 000007f6fb17e000 Win32Thread: fffff9010067fb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b26060 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679320 Ticks: 61808 (0:00:16:04.210) Context Switch Count 47 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88014ed8dd0 Current fffff88014ed8900 Base fffff88014ed9000 Limit fffff88014ed3000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa800379fb00 Cid 04e4.04fc Teb: 000007f6fb174000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037eb480 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10504 Ticks: 15730624 (2:20:09:59.307) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88014eeddd0 Current fffff88014eed900 Base fffff88014eee000 Limit fffff88014ee8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003086b00 Cid 04e4.0500 Teb: 000007f6fb04e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80019f1d00 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 10510 Ticks: 15730618 (2:20:09:59.213) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88014ef4dd0 Current fffff88014ef4900 Base fffff88014ef5000 Limit fffff88014eef000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80030a5080 Cid 04e4.050c Teb: 000007f6fb04c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800309e180 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 269 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address AUTHZ!AuthzpDeQueueThreadWorker (0x000007fef4113c90) Stack Init fffff88014f02dd0 Current fffff88014f02900 Base fffff88014f03000 Limit fffff88014efd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003009b00 Cid 04e4.0518 Teb: 000007f6fb048000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80030a27d0 SynchronizationEvent fffffa8001cd23f0 NotificationEvent fffffa8003b558f0 NotificationEvent fffffa8001cd22f0 NotificationEvent fffffa80030b4fe0 NotificationEvent IRP List: fffffa800266bdf0: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8002ea3820: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003f9c580: (0006,0118) Flags: 00060070 Mdl: 00000000 fffffa8003e71ae0: (0006,0118) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15727956 Ticks: 13172 (0:00:03:25.484) Context Switch Count 238 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address mpssvc!FwCachedStoreEnumBlobs (0x000007feef77c5b0) Stack Init fffff88014f10dd0 Current fffff88014f10180 Base fffff88014f11000 Limit fffff88014f0b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80030a4080 Cid 04e4.0524 Teb: 000007f6fb044000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b566f0 SynchronizationEvent fffffa8003082470 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736866 Ticks: 4262 (0:00:01:06.487) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address bfe!BfeNetEventRealTimeWorker (0x000007feef8a2b3c) Stack Init fffff88014f25dd0 Current fffff88014f25180 Base fffff88014f26000 Limit fffff88014f20000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80030bf7c0 Cid 04e4.0528 Teb: 000007f6fb042000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800309c880 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679399 Ticks: 61729 (0:00:16:02.978) Context Switch Count 89 IdealProcessor: 0 UserTime 00:00:00.187 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f3add0 Current fffff88014f3a760 Base fffff88014f3b000 Limit fffff88014f35000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003b1e080 Cid 04e4.054c Teb: 000007f6fb03e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b63900 SynchronizationEvent fffffa8003b621a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739548 Ticks: 1580 (0:00:00:24.648) Context Switch Count 513 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88014f64dd0 Current fffff88014f64180 Base fffff88014f65000 Limit fffff88014f5f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003b27080 Cid 04e4.0550 Teb: 000007f6fb03c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80030ae430 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679709 Ticks: 61419 (0:00:15:58.142) Context Switch Count 2557 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address mpssvc!NVNWorkerThread (0x000007feef7888e0) Stack Init fffff88014f6bdd0 Current fffff88014f6b900 Base fffff88014f6c000 Limit fffff88014f66000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003b25080 Cid 04e4.0554 Teb: 000007f6fb03a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003b27890 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13505 Ticks: 15727623 (2:20:09:12.491) Context Switch Count 62 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mpssvc!FwDynDataNotifySinkProc (0x000007feef7a5230) Stack Init fffff88014f72dd0 Current fffff88014f72900 Base fffff88014f73000 Limit fffff88014f6d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b25b00 Cid 04e4.0558 Teb: 000007f6fb038000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b27700 SynchronizationEvent fffffa8003b27780 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680160 Ticks: 60968 (0:00:15:51.106) Context Switch Count 18 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mpssvc!FwMonitorQuarantineState (0x000007feef788570) Stack Init fffff88014f79dd0 Current fffff88014f79180 Base fffff88014f7a000 Limit fffff88014f74000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003b23b00 Cid 04e4.0570 Teb: 000007f6fb034000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b677d0 NotificationEvent fffffa8003b70a50 SynchronizationEvent fffffa8003b709d0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15719355 Ticks: 21773 (0:00:05:39.660) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address dps!DpspBackgroundControl (0x000007feef6631a0) Stack Init fffff88014fa3dd0 Current fffff88014fa3180 Base fffff88014fa4000 Limit fffff88014f9e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80030b1700 Cid 04e4.0768 Teb: 000007f6fb036000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ea15a0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 12536 Ticks: 15728592 (2:20:09:27.607) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address dps!_imp_load_WdipLaunchLocalHost (0x000007feef669c68) Stack Init fffff88015faadd0 Current fffff88015faa900 Base fffff88015fab000 Limit fffff88015fa5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003f38080 Cid 04e4.06a4 Teb: 000007f6fb026000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f196b0 NotificationEvent fffffa8003f2ae60 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15691573 Ticks: 49555 (0:00:12:53.062) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wdiasqmmodule!WDIASqmNamespace::CASqmManager::static_UpdateThreadProc (0x000007feebc424e8) Stack Init fffff88016092dd0 Current fffff88016092180 Base fffff88016093000 Limit fffff8801608d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e2db00 Cid 04e4.0754 Teb: 000007f6fb024000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e202d0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13514 Ticks: 15727614 (2:20:09:12.350) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wpnsruprov!WpnSruServerHost (0x000007feebc11544) Stack Init fffff880161bfdd0 Current fffff880161bf900 Base fffff880161c0000 Limit fffff880161ba000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003f3c080 Cid 04e4.0770 Teb: 000007f6fb022000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003da61a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679073 Ticks: 62055 (0:00:16:08.064) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address energyprov!SrumtelRunEventQueueWorker (0x000007feebbf55dc) Stack Init fffff880161c6dd0 Current fffff880161c6900 Base fffff880161c7000 Limit fffff880161c1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c0b080 Cid 04e4.0198 Teb: 000007f6fb04a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003956ca0 NotificationEvent fffffa80017fbad0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 27182 Ticks: 15713946 (2:20:05:39.128) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address radardt!RdrpMonitorResources (0x000007fef0014910) Stack Init fffff880164fcdd0 Current fffff880164fc180 Base fffff880164fd000 Limit fffff880164f7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001cd7080 Cid 04e4.0dfc Teb: 000007f6fb17a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c82890 NotificationEvent fffffa8004069060 NotificationTimer fffffa80041feac0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738529 Ticks: 2599 (0:00:00:40.544) Context Switch Count 352 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address radardt!RdrpMonitorCommitCharge (0x000007fef0011044) Stack Init fffff8801736add0 Current fffff8801736a180 Base fffff8801736b000 Limit fffff88017365000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800211a5c0 Cid 04e4.0d24 Teb: 000007f6fb176000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741106 Ticks: 22 (0:00:00:00.343) Context Switch Count 1087 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015061dd0 Current fffff88015061760 Base fffff88015062000 Limit fffff8801505c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003e91080 Cid 04e4.0f5c Teb: 000007f6fb178000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740464 Ticks: 664 (0:00:00:10.358) Context Switch Count 942 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014ee6dd0 Current 
fffff88014ee6760 Base fffff88014ee7000 Limit fffff88014ee1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018d4780 Cid 04e4.0a58 Teb: 000007f6fb040000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741106 Ticks: 22 (0:00:00:00.343) Context Switch Count 300 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017117dd0 Current fffff88017117760 Base fffff88017118000 Limit fffff88017112000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800307db00 Cid 04e4.012c Teb: 000007f6fb046000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800397da80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa800305c740 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736066 Ticks: 5062 (0:00:01:18.967) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017125dd0 Current fffff88017125760 Base fffff88017126000 Limit fffff88017120000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa80039a9940 SessionId: 0 Cid: 0598 Peb: 7f680503000 ParentCid: 0220 DirBase: 3e8d9000 ObjectTable: fffff8a002749980 HandleCount: Image: MsMpEng.exe VadRoot fffffa8001d5c8f0 Vads 562 Clone 0 Private 15827. Modified 187229. Locked 0. 
DeviceMap fffff8a00000c340 Token fffff8a00661f060 ElapsedTime 2 Days 20:10:06.404 UserTime 00:00:28.984 KernelTime 00:00:04.009 QuotaPoolUsage[PagedPool] 229304 QuotaPoolUsage[NonPagedPool] 78016 Working Set Sizes (now,min,max) (11514, 50, 345) (46056KB, 200KB, 1380KB) PeakWorkingSetSize 89567 VirtualSize 199 Mb PeakVirtualSize 509 Mb PageFaultCount 850028 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 17114 Setting context for this process... .process /p /r fffffa80039a9940 !peb PEB at 000007f680503000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f680bf0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000071da4719d0 . 00000071da491e00 Ldr.InLoadOrderModuleList: 00000071da471b30 . 00000071da491de0 Ldr.InMemoryOrderModuleList: 00000071da471b40 . 00000071da491df0 Base TimeStamp Module 7f680bf0000 5010a938 Jul 26 03:19:36 2012 C:\Program Files\Windows Defender\MsMpEng.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7feef2b0000 50109d8b Jul 26 02:29:47 2012 C:\Program Files\Windows Defender\mpsvc.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\WTSAPI32.dll 7feeedf0000 50109ed2 Jul 26 02:35:14 2012 C:\Program Files\Windows Defender\mpclient.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\WINDOWS\SYSTEM32\VERSION.dll 7fef5810000 50108b7f Jul 26 
01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\USERENV.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\SYSTEM32\profapi.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7feeea50000 5010a095 Jul 26 02:42:45 2012 C:\Program Files\Windows Defender\mprtp.dll 7feee8d0000 501089f9 Jul 26 01:06:17 2012 C:\WINDOWS\SYSTEM32\FLTLIB.DLL 7fef7b20000 50108aed Jul 26 01:10:21 2012 C:\WINDOWS\system32\psapi.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\SYSTEM32\sspicli.dll 7feedf40000 50107eeb Jul 26 00:19:07 2012 C:\WINDOWS\system32\wscapi.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\SYSTEM32\Secur32.dll 7fef5620000 
501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\SYSTEM32\bcrypt.dll 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\SYSTEM32\ncrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\SYSTEM32\NTASN1.dll 7fef7ce0000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\imagehlp.dll 7fee24b0000 5077c388 Oct 12 08:15:20 2012 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C8F89690-6BB7-40A3-9B36-022257D7D294}\mpengine.dll SubSystemData: 0000000000000000 ProcessHeap: 00000071da470000 ProcessParameters: 00000071da471170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\Program Files\Windows Defender\MsMpEng.exe' ImageFile: 'C:\Program Files\Windows Defender\MsMpEng.exe' CommandLine: '"C:\Program Files\Windows Defender\MsMpEng.exe"' DllPath: '< Name not readable >' Environment: 00000071da48bff0 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ 
USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8003b8bb00 Cid 0598.059c Teb: 000007f68050e000 Win32Thread: fffff90100685290 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ba4060 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15680788 Ticks: 60340 (0:00:15:41.310) Context Switch Count 70 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address MsMpEng!AbsMain (0x000007f680bf10d8) Stack Init fffff880155c0dd0 Current fffff880155c0900 Base fffff880155c1000 Limit fffff880155bb000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800302eb00 Cid 0598.05c0 Teb: 000007f68050c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject IRP List: fffffa8003bcc6c0: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15736406 Ticks: 4722 (0:00:01:13.663) Context Switch Count 1304 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e76dd0 Current fffff88014e76760 Base fffff88014e77000 Limit fffff88014e71000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003be8b00 Cid 0598.0618 Teb: 000007f680506000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003ba9380 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15722723 Ticks: 18405 (0:00:04:47.119) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address 
ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e14dd0 Current fffff88015e14760 Base fffff88015e15000 Limit fffff88015e0f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bce080 Cid 0598.0674 Teb: 000007f6803da000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 62603 Ticks: 15678525 (2:19:56:26.557) Context Switch Count 470 IdealProcessor: 0 UserTime 00:00:00.717 KernelTime 00:00:00.046 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e61dd0 Current fffff88015e617a0 Base fffff88015e62000 Limit fffff88015e5c000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bce9c0 Cid 0598.0678 Teb: 000007f6803d8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15690575 Ticks: 50553 (0:00:13:08.631) Context Switch Count 2401 IdealProcessor: 0 UserTime 00:00:05.475 KernelTime 00:00:00.374 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88014f80dd0 Current fffff88014f807a0 Base fffff88014f81000 Limit fffff88014f7b000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003de5b00 Cid 0598.067c Teb: 000007f6803d6000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15735445 Ticks: 5683 (0:00:01:28.655) Context Switch Count 6123 IdealProcessor: 0 UserTime 00:00:16.068 KernelTime 00:00:01.201 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88014fb8dd0 Current fffff88014fb87a0 Base fffff88014fb9000 Limit fffff88014fb3000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b88080 Cid 0598.0680 Teb: 000007f6803d4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740132 Ticks: 996 (0:00:00:15.537) Context Switch Count 4005 IdealProcessor: 0 UserTime 00:00:09.172 KernelTime 00:00:00.904 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e6fdd0 Current fffff88015e6f7a0 Base fffff88015e70000 Limit fffff88015e6a000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003dff080 Cid 0598.0684 Teb: 000007f6803d2000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 62603 Ticks: 15678525 (2:19:56:26.557) Context Switch Count 3912 IdealProcessor: 0 UserTime 00:00:08.049 KernelTime 00:00:00.405 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e76dd0 Current fffff88015e767a0 Base fffff88015e77000 Limit fffff88015e71000 
Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bcdb00 Cid 0598.0688 Teb: 000007f6803d0000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15690558 Ticks: 50570 (0:00:13:08.897) Context Switch Count 5483 IdealProcessor: 0 UserTime 00:00:09.812 KernelTime 00:00:00.639 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e7ddd0 Current fffff88015e7d7a0 Base fffff88015e7e000 Limit fffff88015e78000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003dec080 Cid 0598.068c Teb: 000007f6803ce000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039f6d40 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 62603 Ticks: 15678525 (2:19:56:26.557) Context Switch Count 354 IdealProcessor: 0 UserTime 00:00:00.514 KernelTime 00:00:00.031 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e84dd0 Current fffff88015e847a0 Base fffff88015e85000 Limit fffff88015e7f000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003decb00 Cid 0598.0690 Teb: 000007f6803cc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80039a07c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15736594 Ticks: 4534 (0:00:01:10.730) Context Switch Count 1014 IdealProcessor: 0 UserTime 00:00:01.825 KernelTime 00:00:00.187 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015e8bdd0 Current fffff88015e8b7a0 Base fffff88015e8c000 Limit fffff88015e86000 Call 0 Priority 4 BasePriority 4 UnusualBoost 0 ForegroundBoost 0 IoPriority 0 PagePriority 1 THREAD fffffa8003e0db00 Cid 0598.06cc Teb: 000007f6803ca000 Win32Thread: fffff90100695b90 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject IRP List: fffffa8001d57850: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15736443 Ticks: 4685 (0:00:01:13.086) Context Switch Count 5746 IdealProcessor: 0 UserTime 00:00:11.980 KernelTime 00:00:01.435 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e30dd0 Current fffff88015e30760 Base fffff88015e31000 Limit fffff88015e2b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e43080 Cid 0598.04ec Teb: 000007f68050a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d8d580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740200 Ticks: 928 (0:00:00:14.476) Context Switch Count 3521 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e92dd0 Current fffff88015e92760 Base 
fffff88015e93000 Limit fffff88015e8d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002612980 Cid 0598.08e4 Teb: 000007f680504000 Win32Thread: fffff901006f3010 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 1419 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161b8dd0 Current fffff880161b8760 Base fffff880161b9000 Limit fffff880161b3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80041af080 Cid 0598.03a4 Teb: 000007f6803a8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b81d80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740224 Ticks: 904 (0:00:00:14.102) Context Switch Count 77 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017468dd0 Current fffff88017468760 Base fffff88017469000 Limit fffff88017463000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002cf5b00 Cid 0598.0f54 Teb: 000007f6803a4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f337b0 NotificationEvent fffffa8003dde9b0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15737894 Ticks: 3234 (0:00:00:50.450) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start 
Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015109dd0 Current fffff88015109180 Base fffff8801510a000 Limit fffff88015104000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001d1d700 Cid 0598.0e38 Teb: 000007f6803c8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d8d580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80039a9940 Image: MsMpEng.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 108 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016581dd0 Current fffff88016581760 Base fffff88016582000 Limit fffff8801657c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003d8f080 SessionId: 0 Cid: 063c Peb: 7f6e696f000 ParentCid: 03f0 DirBase: 0a9ad000 ObjectTable: fffff8a0005f2f00 HandleCount: Image: dasHost.exe VadRoot fffffa8003d88520 Vads 91 Clone 0 Private 622. Modified 91. Locked 0. DeviceMap fffff8a002487200 Token fffff8a00667b770 ElapsedTime 2 Days 20:09:57.870 UserTime 00:00:00.171 KernelTime 00:00:00.171 QuotaPoolUsage[PagedPool] 147056 QuotaPoolUsage[NonPagedPool] 11888 Working Set Sizes (now,min,max) (2803, 50, 345) (11212KB, 200KB, 1380KB) PeakWorkingSetSize 3077 VirtualSize 68 Mb PeakVirtualSize 80 Mb PageFaultCount 3908 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 881 Setting context for this process... .process /p /r fffffa8003d8f080 !peb PEB at 000007f6e696f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6e73f0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000005342121a00 . 0000005342176340 Ldr.InLoadOrderModuleList: 0000005342121b60 . 
0000005342176320 Ldr.InMemoryOrderModuleList: 0000005342121b70 . 0000005342176330 Base TimeStamp Module 7f6e73f0000 5010a616 Jul 26 03:06:14 2012 C:\WINDOWS\system32\dashost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7feede00000 50108618 Jul 26 00:49:44 2012 C:\WINDOWS\system32\dafupnp.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\system32\WINHTTP.dll 7feeef00000 5010a92b Jul 26 03:19:23 2012 C:\WINDOWS\system32\SSDPAPI.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7feec080000 505a9784 Sep 20 05:11:48 2012 C:\WINDOWS\system32\DAFWSD.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7feed4f0000 50108576 Jul 26 00:47:02 2012 C:\WINDOWS\system32\wsdapi.dll 7feed3a0000 50108b7f Jul 26 01:12:47 
2012 C:\WINDOWS\system32\webservices.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\system32\FirewallAPI.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7feebfe0000 505a992d Sep 20 05:18:53 2012 C:\WINDOWS\system32\webio.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\system32\DNSAPI.dll 7fef1d80000 505a9bc8 Sep 20 05:30:00 2012 C:\Windows\System32\Windows.Media.Streaming.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7fef1d20000 5010a00e Jul 26 02:40:30 2012 C:\WINDOWS\system32\upnp.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef4df0000 50108ab9 
Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll SubSystemData: 0000000000000000 ProcessHeap: 0000005342120000 ProcessParameters: 0000005342121200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'dashost.exe' ImageFile: 'C:\WINDOWS\system32\dashost.exe' CommandLine: 'dashost.exe {85609bb3-b0c4-4c8a-a46305af866ce627}' DllPath: '< Name not readable >' Environment: 0000005342120860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa8003d82500 Cid 063c.0640 Teb: 000007f6e696d000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bbe6a0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 11259 Ticks: 15729869 (2:20:09:47.529) Context Switch Count 17 
IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address dashost!wmainCRTStartup (0x000007f6e73fbe5c) Stack Init fffff88014f33dd0 Current fffff88014f33900 Base fffff88014f34000 Limit fffff88014f2e000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e29b00 Cid 063c.0124 Teb: 000007f6e6963000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8003e29ea8 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a006688cf0 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679171 Ticks: 61957 (0:00:16:06.535) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SSDPAPI!GetNotificationLoop (0x000007feeef05c38) Stack Init fffff880161a3dd0 Current fffff880161a3660 Base fffff880161a4000 Limit fffff8801619e000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003fc4b00 Cid 063c.0828 Teb: 000007f6e683e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f64cc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679298 Ticks: 61830 (0:00:16:04.554) Context Switch Count 27 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161aadd0 Current fffff880161aa760 Base fffff880161ab000 Limit fffff880161a5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001f23740 Cid 063c.0d28 Teb: 000007f6e6965000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b0d280 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003d8f080 Image: dasHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15703645 Ticks: 37483 (0:00:09:44.738) Context Switch Count 1173 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015406dd0 Current fffff88015406760 Base fffff88015407000 Limit fffff88015401000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8003eec940 SessionId: 0 Cid: 07e8 Peb: 7f6fa92f000 ParentCid: 0220 DirBase: 3fdd9000 ObjectTable: fffff8a0006d3f00 HandleCount: Image: svchost.exe VadRoot fffffa8003ef2610 Vads 162 Clone 0 Private 1095. Modified 369. Locked 134. DeviceMap fffff8a002487200 Token fffff8a0027da770 ElapsedTime 2 Days 20:09:34.985 UserTime 00:00:00.374 KernelTime 00:00:00.390 QuotaPoolUsage[PagedPool] 194616 QuotaPoolUsage[NonPagedPool] 32784 Working Set Sizes (now,min,max) (4377, 50, 345) (17508KB, 200KB, 1380KB) PeakWorkingSetSize 4553 VirtualSize 94 Mb PeakVirtualSize 99 Mb PageFaultCount 9698 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1532 Setting context for this process... .process /p /r fffffa8003eec940 !peb PEB at 000007f6fa92f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000005590551a50 . 00000055906143c0 Ldr.InLoadOrderModuleList: 0000005590551bb0 . 00000055906143a0 Ldr.InMemoryOrderModuleList: 0000005590551bc0 . 
00000055906143b0 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7feed390000 50108745 Jul 26 00:54:45 2012 c:\windows\system32\fdrespub.dll 7feed4f0000 50108576 Jul 26 00:47:02 2012 c:\windows\system32\wsdapi.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 c:\windows\system32\IPHLPAPI.DLL 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7feed3a0000 50108b7f Jul 26 01:12:47 2012 c:\windows\system32\webservices.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 c:\windows\system32\FirewallAPI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 c:\windows\system32\WINNSI.DLL 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7feed340000 50108597 Jul 26 00:47:35 2012 c:\windows\system32\ssdpsrv.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 
Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7feec260000 5010879e Jul 26 00:56:14 2012 C:\Windows\System32\FunDisc.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\system32\WINHTTP.dll 7feebc50000 50108abe Jul 26 01:09:34 2012 C:\WINDOWS\system32\HTTPAPI.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\sspicli.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\system32\wkscli.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\netutils.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7fef4870000 50108a53 Jul 26 01:07:47 2012 c:\windows\system32\ncrypt.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 c:\windows\system32\bcrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 c:\windows\system32\NTASN1.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7feeae40000 50108080 Jul 26 00:25:52 2012 c:\windows\system32\upnphost.dll 7feeef00000 5010a92b Jul 26 03:19:23 2012 c:\windows\system32\SSDPAPI.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef3320000 50108655 Jul 26 00:50:45 2012 C:\Windows\System32\taskschd.dll 7fef0e10000 501086e3 Jul 26 00:53:07 2012 C:\Windows\System32\AppXDeploymentClient.dll 7feeb0a0000 50109358 Jul 26 01:46:16 2012 C:\WINDOWS\System32\AppxPackaging.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 
7feea6a0000 50109080 Jul 26 01:34:08 2012 C:\WINDOWS\System32\OpcServices.DLL 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7feeafa0000 50109eff Jul 26 02:35:59 2012 C:\WINDOWS\system32\udhisapi.dll 7fee9c10000 50108a97 Jul 26 01:08:55 2012 C:\WINDOWS\system32\CRYPTXML.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef3090000 505a99fd Sep 20 05:22:21 2012 c:\windows\system32\timebrokerserver.dll 7feedf20000 5010abc3 Jul 26 03:30:27 2012 C:\WINDOWS\SYSTEM32\bi.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\Windows\System32\twinapi.dll 7feec370000 5010a4f2 Jul 26 03:01:22 2012 C:\Windows\System32\Windows.ApplicationModel.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\propsys.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fee8450000 505a96ea Sep 20 05:09:14 2012 c:\windows\system32\wsservice.dll SubSystemData: 0000000000000000 ProcessHeap: 0000005590550000 ProcessParameters: 0000005590551200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation' DllPath: '< Name not readable >' Environment: 0000005590550860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files 
COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa8003ee5800 Cid 07e8.07ec Teb: 000007f6fa92d000 Win32Thread: fffff901006993a0 WAIT: (UserRequest) UserMode Non-Alertable fffffa80039b6c30 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15733059 Ticks: 8069 (0:00:02:05.877) Context Switch Count 75 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff88016061dd0 Current fffff88016061900 Base fffff88016062000 Limit fffff8801605c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003f00080 Cid 07e8.03fc Teb: 000007f6fa92b000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc2620 NotificationEvent fffffa8003e24c40 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679171 Ticks: 61957 (0:00:16:06.535) Context Switch Count 1587 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.109 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016084dd0 Current fffff88016084180 Base fffff88016085000 Limit fffff8801607f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f17080 Cid 07e8.04dc Teb: 000007f6fa923000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f0acc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15685436 Ticks: 55692 (0:00:14:28.800) Context Switch Count 39 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160dfdd0 Current fffff880160df760 Base fffff880160e0000 Limit fffff880160da000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003e1e080 Cid 07e8.0608 Teb: 000007f6fa7fa000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80039e2380 NotificationEvent IRP List: fffffa80027a28a0: (0006,01f0) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741084 Ticks: 44 (0:00:00:00.686) Context Switch Count 381 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ssdpsrv!CSsdpSearchRequestManager::DwSearchThreadProc (0x000007feed350ce0) Stack Init fffff880160bcdd0 Current fffff880160bc900 Base fffff880160bd000 Limit fffff880160b7000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003f78080 Cid 07e8.05f8 Teb: 000007f6fa7f6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800366e3e0 SynchronizationEvent fffffa800372e3f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741009 Ticks: 119 (0:00:00:01.856) Context Switch Count 783 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ssdpsrv!CReceiveDataManager::ThreadFunc (0x000007feed3431b0) Stack Init fffff8801600ddd0 Current fffff8801600d180 Base fffff8801600e000 Limit fffff88016008000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003e04080 Cid 07e8.02c8 Teb: 000007f6fa7f4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80039d7940 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679291 Ticks: 61837 (0:00:16:04.663) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 
ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016172dd0 Current fffff88016172760 Base fffff88016173000 Limit fffff8801616d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003df94c0 Cid 07e8.0248 Teb: 000007f6fa7ee000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc2620 NotificationEvent fffffa8003e24820 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 13514 Ticks: 15727614 (2:20:09:12.350) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016195dd0 Current fffff88016195180 Base fffff88016196000 Limit fffff88016190000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e8d880 Cid 07e8.0544 Teb: 000007f6fa7e6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ea9d30 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 18772 Ticks: 15722356 (2:20:07:50.325) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address FunDisc!CNotificationQueue::ThreadProc (0x000007feec2654c0) Stack Init fffff8801616bdd0 Current fffff8801616b900 Base fffff8801616c000 Limit fffff88016166000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003ef7b00 Cid 07e8.04a8 Teb: 000007f6fa7e4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8004018400 SynchronizationEvent fffffa8003d898b0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 18771 Ticks: 15722357 (2:20:07:50.341) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address FunDisc!CRegProvider::ThreadProc (0x000007feec27708c) Stack Init fffff88016099dd0 Current fffff88016099180 Base fffff8801609a000 Limit fffff88016094000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f26080 Cid 07e8.057c Teb: 000007f6fa7e2000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f28380 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679660 Ticks: 61468 (0:00:15:58.906) Context Switch Count 132 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801613add0 Current fffff8801613a760 Base fffff8801613b000 Limit fffff88016135000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003ed8b00 Cid 07e8.0874 Teb: 000007f6fa7f2000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e0c640 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679749 Ticks: 61379 (0:00:15:57.518) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162b6dd0 Current fffff880162b6760 Base fffff880162b7000 Limit fffff880162b1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002c4fb00 Cid 07e8.0bd4 Teb: 000007f6fa929000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003f5f980 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679738 Ticks: 61390 (0:00:15:57.690) Context Switch Count 95 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801608bdd0 Current fffff8801608b760 Base fffff8801608c000 Limit fffff88016086000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003657b00 Cid 07e8.0734 Teb: 000007f6fa925000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003dc2620 NotificationEvent fffffa8002c64930 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15680365 Ticks: 60763 (0:00:15:47.908) Context Switch Count 1198 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164bddd0 Current fffff880164bd180 Base fffff880164be000 Limit fffff880164b8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001d51080 Cid 07e8.0be0 Teb: 000007f6fa7e0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001cf0cb0 NotificationEvent fffffa80027a8800 SynchronizationEvent IRP List: fffffa8003e1f620: (0006,01f0) Flags: 00060030 Mdl: fffffa80037368b0 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679261 Ticks: 61867 (0:00:16:05.131) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address upnphost!BaseHttpListener::DoReceiveRequestHeadersStub (0x000007feeae57300) Stack Init fffff88015f8edd0 Current fffff88015f8e180 Base fffff88015f8f000 Limit fffff88015f89000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001c87b00 Cid 07e8.0b24 Teb: 000007f6fa7d6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c6fa80 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 40 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address upnphost!SVSThreadPool::SVSThreadPoolWorkerThread (0x000007feeae863d0) Stack Init fffff8801606fdd0 Current fffff8801606f900 Base fffff88016070000 Limit fffff8801606a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e1ab00 Cid 07e8.0d80 Teb: 000007f6fa7d4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001cf0d30 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 37 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address upnphost!SVSThreadPool::SVSThreadPoolWorkerThread (0x000007feeae863d0) Stack Init fffff8801740ddd0 Current fffff8801740d900 Base fffff8801740e000 Limit fffff88017408000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001d0c080 Cid 07e8.0ca8 Teb: 000007f6fa7cc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dbf240 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679404 Ticks: 61724 (0:00:16:02.900) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801624ddd0 Current fffff8801624d760 Base fffff8801624e000 Limit 
fffff88016248000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001e1a280 Cid 07e8.0b08 Teb: 000007f6fa7dc000 Win32Thread: fffff90100702b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003642e90 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15729717 Ticks: 11411 (0:00:02:58.012) Context Switch Count 109 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017500dd0 Current fffff880175005f0 Base fffff88017501000 Limit fffff880174fb000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800218f9c0 Cid 07e8.0630 Teb: 000007f6fa7fe000 Win32Thread: fffff901006d7b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80033a39f0 Semaphore Limit 0x1f4 fffffa8002cfe8b0 NotificationEvent fffffa8003dc2620 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740815 Ticks: 313 (0:00:00:04.882) Context Switch Count 272 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161cddd0 Current fffff880161cd180 Base fffff880161ce000 Limit fffff880161c8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 1 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003d84b00 Cid 07e8.0c7c Teb: 000007f6fa927000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e1eb80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736886 Ticks: 4242 
(0:00:01:06.175) Context Switch Count 120 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017084dd0 Current fffff88017084760 Base fffff88017085000 Limit fffff8801707f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80030739c0 Cid 07e8.0bb4 Teb: 000007f6fa7fc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e1eb80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741009 Ticks: 119 (0:00:00:01.856) Context Switch Count 28 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801506fdd0 Current fffff8801506f760 Base fffff88015070000 Limit fffff8801506a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002ef9b00 Cid 07e8.01f0 Teb: 000007f6fa7ec000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e1eb80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741084 Ticks: 44 (0:00:00:00.686) Context Switch Count 44 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016518dd0 Current fffff88016518760 Base fffff88016519000 Limit fffff88016513000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80041b25c0 Cid 07e8.0f2c Teb: 000007f6fa7f8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036dcbc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A 
Image: N/A Wait Start TickCount 15740864 Ticks: 264 (0:00:00:04.118) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88002f17dd0 Current fffff88002f17760 Base fffff88002f18000 Limit fffff88002f12000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d3db00 Cid 07e8.0490 Teb: 000007f6fa7f0000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80036dcbc0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003eec940 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741084 Ticks: 44 (0:00:00:00.686) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801651fdd0 Current fffff8801651f760 Base fffff88016520000 Limit fffff8801651a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003fea3c0 SessionId: 0 Cid: 08a8 Peb: 7f6fb20f000 ParentCid: 0220 DirBase: 4ae86000 ObjectTable: fffff8a000853600 HandleCount: Image: svchost.exe VadRoot fffffa80033ae0b0 Vads 200 Clone 0 Private 822. Modified 304. Locked 656. DeviceMap fffff8a002487200 Token fffff8a0028468b0 ElapsedTime 2 Days 20:09:10.711 UserTime 00:00:00.031 KernelTime 00:00:00.062 QuotaPoolUsage[PagedPool] 102632 QuotaPoolUsage[NonPagedPool] 28944 Working Set Sizes (now,min,max) (2801, 50, 345) (11204KB, 200KB, 1380KB) PeakWorkingSetSize 3009 VirtualSize 836 Mb PeakVirtualSize 1090 Mb PageFaultCount 5937 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1556 Setting context for this process... 
.process /p /r fffffa8003fea3c0 !peb PEB at 000007f6fb20f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000083e7fd1a40 . 00000083e800c8b0 Ldr.InLoadOrderModuleList: 00000083e7fd1ba0 . 00000083e800c890 Ldr.InMemoryOrderModuleList: 00000083e7fd1bb0 . 00000083e800c8a0 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\System32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef1cc0000 5010839f Jul 26 00:39:11 2012 c:\windows\system32\pnrpsvc.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\sspicli.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\System32\POWRPROF.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\System32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\System32\WINNSI.DLL 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\System32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\System32\dhcpcsvc.DLL 7feefa60000 50109e21 Jul 26 02:32:17 2012 C:\WINDOWS\System32\sqmapi.dll 
7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7feeef00000 5010a92b Jul 26 03:19:23 2012 C:\WINDOWS\System32\SSDPAPI.DLL 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\System32\profapi.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\System32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\System32\DPAPI.dll 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\System32\ncrypt.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\System32\bcrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\System32\NTASN1.dll 7feeb430000 501080be Jul 26 00:26:54 2012 c:\windows\system32\p2psvc.dll 7feeb3c0000 50108656 Jul 26 00:50:46 2012 c:\windows\system32\P2PGRAPH.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 c:\windows\system32\ESENT.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 C:\WINDOWS\System32\AUTHZ.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\system32\secur32.dll 7feec290000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\system32\pnrpnsp.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\WINDOWS\System32\slc.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7feeaf20000 5010a94c Jul 26 03:19:56 2012 C:\WINDOWS\System32\drttransport.dll 7feeaed0000 
5010a958 Jul 26 03:20:08 2012 C:\WINDOWS\System32\drt.dll 7fef4080000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\System32\pcwum.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll SubSystemData: 0000000000000000 ProcessHeap: 00000083e7fd0000 ProcessParameters: 00000083e7fd1200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\System32\svchost.exe' ImageFile: 'C:\WINDOWS\System32\svchost.exe' CommandLine: 'C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet' DllPath: '< Name not readable >' Environment: 00000083e7fd0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa8003fd3600 Cid 08a8.08ac Teb: 000007f6fb20d000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800394a600 SynchronizationEvent Not impersonating DeviceMap 
fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679225 Ticks: 61903 (0:00:16:05.692) Context Switch Count 36 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880162d2dd0 Current fffff880162d2900 Base fffff880162d3000 Limit fffff880162cd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f6fb00 Cid 08a8.08b0 Teb: 000007f6fb20b000 Win32Thread: fffff901000cc010 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739419 Ticks: 1709 (0:00:00:26.660) Context Switch Count 11047 IdealProcessor: 0 UserTime 00:00:00.171 KernelTime 00:00:00.265 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162cbdd0 Current fffff880162cb760 Base fffff880162cc000 Limit fffff880162c6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003857080 Cid 08a8.0990 Teb: 000007f6fb207000 Win32Thread: fffff901006d9b90 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15739419 Ticks: 1709 (0:00:00:26.660) Context Switch Count 9229 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.156 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880162e7dd0 Current fffff880162e7760 Base fffff880162e8000 Limit fffff880162e2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018fc080 Cid 08a8.0998 Teb: 000007f6fb0de000 Win32Thread: 0000000000000000 
WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f95480 SynchronizationEvent fffffa8003f22720 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15160 Ticks: 15725968 (2:20:08:46.673) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pnrpsvc!CPnrpCloudManager::PnrpRegNotifyThreadProc (0x000007fef1ceb31c) Stack Init fffff8801623edd0 Current fffff8801623e180 Base fffff8801623f000 Limit fffff88016239000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800261b080 Cid 08a8.0a24 Teb: 000007f6fb0da000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003de5620 NotificationEvent fffffa8003613a10 NotificationEvent fffffa8003f33d50 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679813 Ticks: 61315 (0:00:15:56.520) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address pnrpsvc!CPnrpCloud::DrtEventThreadProc (0x000007fef1ce6398) Stack Init fffff88015014dd0 Current fffff88015014180 Base fffff88015015000 Limit fffff8801500f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002619080 Cid 08a8.0a54 Teb: 000007f6fb0dc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740763 Ticks: 365 (0:00:00:05.694) Context Switch Count 9809 IdealProcessor: 0 UserTime 00:00:00.124 KernelTime 00:00:00.124 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003ddfdd0 Current fffff88003ddf760 Base fffff88003de0000 Limit fffff88003dda000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80021a3600 Cid 08a8.0ce0 Teb: 000007f6fb0d4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003e98b80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741118 Ticks: 10 (0:00:00:00.156) Context Switch Count 3041 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016485dd0 Current fffff88016485760 Base fffff88016486000 Limit fffff88016480000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800381a080 Cid 08a8.095c Teb: 000007f6fb203000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003673f60 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679761 Ticks: 61367 (0:00:15:57.331) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880163dddd0 Current fffff880163dd900 Base fffff880163de000 Limit fffff880163d8000 Call 0 
Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001e5db00 Cid 08a8.091c Teb: 000007f6fb0d8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003e3d3c0 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15679779 Ticks: 61349 (0:00:15:57.050) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88016179dd0 Current fffff880161797a0 Base fffff8801617a000 Limit fffff88016174000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8004146080 Cid 08a8.0ad0 Teb: 000007f6fb209000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8004146428 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a0067d5770 : queued at port fffffa8003e05090 : owned by process fffffa8003eec940 Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa8003fea3c0 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740815 Ticks: 313 (0:00:00:04.882) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SSDPAPI!CThreadBase::DwThreadProc (0x000007feeef0a9e8) Stack Init fffff880159bddd0 Current fffff880159bd660 Base fffff880159be000 Limit fffff880159b8000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002772940 SessionId: 0 Cid: 0bac Peb: 7f7e166e000 ParentCid: 0288 DirBase: 2428a000 ObjectTable: fffff8a0008cc040 HandleCount: Image: dllhost.exe VadRoot fffffa8003fa2240 Vads 54 Clone 0 Private 225. Modified 15. Locked 0. 
DeviceMap fffff8a00000c340 Token fffff8a006a68060 ElapsedTime 2 Days 20:08:02.445 UserTime 00:00:00.031 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 64096 QuotaPoolUsage[NonPagedPool] 6848 Working Set Sizes (now,min,max) (1473, 50, 345) (5892KB, 200KB, 1380KB) PeakWorkingSetSize 1504 VirtualSize 33 Mb PeakVirtualSize 38 Mb PageFaultCount 1669 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 361 Setting context for this process... .process /p /r fffffa8002772940 !peb PEB at 000007f7e166e000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f7e2350000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000005158f31a10 . 0000005158f5e0b0 Ldr.InLoadOrderModuleList: 0000005158f31b70 . 0000005158f5e1b0 Ldr.InMemoryOrderModuleList: 0000005158f31b80 . 0000005158f5e1c0 Base TimeStamp Module 7f7e2350000 50108850 Jul 26 00:59:12 2012 C:\WINDOWS\system32\DllHost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 
7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7feea8a0000 50108740 Jul 26 00:54:40 2012 C:\WINDOWS\System32\IDStore.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\system32\SAMLIB.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\PROPSYS.dll 7feea620000 501081c6 Jul 26 00:31:18 2012 C:\WINDOWS\System32\wlidprov.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\System32\UxTheme.dll SubSystemData: 0000000000000000 ProcessHeap: 0000005158f30000 ProcessParameters: 0000005158f31170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\DllHost.exe' ImageFile: 'C:\WINDOWS\system32\DllHost.exe' CommandLine: 'C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}' DllPath: '< Name not readable >' Environment: 0000005158f30860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ 
PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8002c5c080 Cid 0bac.0bb0 Teb: 000007f7e166c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e75190 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 19238 Ticks: 15721890 (2:20:07:43.055) Context Switch Count 41 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address DllHost!wWinMainCRTStartup (0x000007f7e23511d4) Stack Init fffff88014e3edd0 Current fffff88014e3e900 Base fffff88014e3f000 Limit fffff88014e39000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80018ea5c0 Cid 0bac.0bc0 Teb: 000007f7e1664000 Win32Thread: fffff90100671b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8002767d30 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736660 Ticks: 4468 (0:00:01:09.701) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880151d4dd0 Current fffff880151d45f0 Base fffff880151d5000 Limit fffff880151cf000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002e1fb00 Cid 0bac.087c Teb: 000007f7e1538000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa8002e5a960 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: 
N/A Wait Start TickCount 15711974 Ticks: 29154 (0:00:07:34.805) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff88016254dd0 Current fffff88016254180 Base fffff88016255000 Limit fffff8801624f000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003f7c080 Cid 0bac.0a78 Teb: 000007f7e166a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002dbcc80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002772940 Image: dllhost.exe Attached Process N/A Image: N/A Wait Start TickCount 15710136 Ticks: 30992 (0:00:08:03.478) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158b8dd0 Current fffff880158b8760 Base fffff880158b9000 Limit fffff880158b3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa80038e6940 SessionId: 0 Cid: 0270 Peb: 7f79c425000 ParentCid: 0220 DirBase: 3a2aa000 ObjectTable: fffff8a006c77c40 HandleCount: Image: SearchIndexer.exe VadRoot fffffa80037ce380 Vads 242 Clone 0 Private 1502. Modified 1352. Locked 1. DeviceMap fffff8a00000c340 Token fffff8a0069e5930 ElapsedTime 2 Days 20:07:06.627 UserTime 00:00:00.031 KernelTime 00:00:00.109 QuotaPoolUsage[PagedPool] 173944 QuotaPoolUsage[NonPagedPool] 31280 Working Set Sizes (now,min,max) (3413, 50, 345) (13652KB, 200KB, 1380KB) PeakWorkingSetSize 3807 VirtualSize 493 Mb PeakVirtualSize 730 Mb PageFaultCount 8551 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 3928 Setting context for this process... 
.process /p /r fffffa80038e6940 !peb PEB at 000007f79c425000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f79ccf0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000423aa919b0 . 0000004245856710 Ldr.InLoadOrderModuleList: 000000423aa91b10 . 00000042458566f0 Ldr.InMemoryOrderModuleList: 000000423aa91b20 . 0000004245856700 Base TimeStamp Module 7f79ccf0000 505a9407 Sep 20 04:56:55 2012 C:\WINDOWS\system32\SearchIndexer.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7feec6d0000 505a97d5 Sep 20 05:13:09 2012 C:\WINDOWS\system32\TQUERY.DLL 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7feec4c0000 505a937f Sep 20 04:54:39 2012 C:\WINDOWS\system32\MSSRCH.DLL 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 C:\WINDOWS\system32\ESENT.dll 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef4c30000 
5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\sspicli.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7feedb60000 50108a0f Jul 26 01:06:39 2012 C:\WINDOWS\system32\Msidle.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\system32\POWRPROF.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\propsys.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7feefad0000 505a9581 Sep 20 05:03:13 2012 C:\WINDOWS\system32\VSSAPI.DLL 7feefab0000 505a99e6 Sep 20 05:21:58 2012 C:\WINDOWS\system32\VssTrace.DLL 7fef3790000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\DSROLE.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\system32\samcli.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\netutils.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\system32\SAMLIB.dll 7fef3570000 50108647 Jul 26 00:50:31 2012 C:\WINDOWS\system32\es.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\cfgmgr32.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\USERENV.dll 7fee9180000 5010823d Jul 26 00:33:17 2012 C:\WINDOWS\System32\NaturalLanguage6.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7feefc60000 505a94c2 Sep 20 05:00:02 2012 C:\WINDOWS\system32\mssprxy.dll 
7fef2e40000 5010a2a5 Jul 26 02:51:33 2012 C:\WINDOWS\system32\elscore.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef2fa0000 5010a9c6 Jul 26 03:21:58 2012 C:\WINDOWS\system32\ElsLad.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\system32\Bcp47Langs.dll 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll SubSystemData: 0000000000000000 ProcessHeap: 000000423aa90000 ProcessParameters: 000000423aa91170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\SearchIndexer.exe' ImageFile: 'C:\WINDOWS\system32\SearchIndexer.exe' CommandLine: 'C:\WINDOWS\system32\SearchIndexer.exe /Embedding' DllPath: '< Name not readable >' Environment: 000000423aac5ea0 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc TMP=C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD 
fffffa800260e700 Cid 0270.0750 Teb: 000007f79c42e000 Win32Thread: fffff901006c9b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036bfc70 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 132 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address SearchIndexer!WinMainCRTStartup (0x000007f79cd16f2c) Stack Init fffff8801643fdd0 Current fffff8801643f900 Base fffff88016440000 Limit fffff8801643a000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b9d080 Cid 0270.047c Teb: 000007f79c428000 Win32Thread: fffff901006af610 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003254860 SynchronizationEvent fffffa800395a460 SynchronizationEvent fffffa80038b67a0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 34436 Ticks: 15706692 (2:20:03:45.965) Context Switch Count 281 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.078 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88016477dd0 Current fffff88016477180 Base fffff88016478000 Limit fffff88016472000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003e86880 Cid 0270.0454 Teb: 000007f79c426000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80026a0420 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 63311 Ticks: 15677817 (2:19:56:15.512) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88015037dd0 Current fffff88015037900 Base fffff88015038000 Limit fffff88015032000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003dd9b00 Cid 0270.06d8 Teb: 000007f79c2fe000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003994450 SynchronizationEvent fffffa8003d9ecb0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 25664 Ticks: 15715464 (2:20:06:02.809) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff88014fc6dd0 Current fffff88014fc6180 Base fffff88014fc7000 Limit fffff88014fc1000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80027deb00 Cid 0270.0474 Teb: 000007f79c2fc000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800383e380 NotificationEvent fffffa8003822860 NotificationEvent IRP List: fffffa8002d8e010: (0006,01f0) Flags: 00060800 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15682394 Ticks: 58734 (0:00:15:16.256) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address TQUERY!CThread::_ThreadFunction (0x000007feec7619e0) Stack Init fffff88015550dd0 Current fffff88015550180 Base fffff88015551000 Limit fffff8801554b000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80039d5b00 Cid 0270.0b84 Teb: 000007f79c2f8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bd14c0 SynchronizationEvent fffffa8003f87ec0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740796 Ticks: 332 (0:00:00:05.179) Context Switch Count 71 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.046 Win32 Start Address MSSRCH!CTimerThread::Thread (0x000007feec5139e4) Stack Init fffff880164d2dd0 Current fffff880164d2180 Base fffff880164d3000 Limit fffff880164cd000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80038a8080 Cid 0270.080c Teb: 000007f79c2f6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80031af3e0 SynchronizationEvent fffffa8003fdc6a0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741118 Ticks: 10 (0:00:00:00.156) 
Context Switch Count 341 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address MSSRCH!CBackoffTimerThread::Thread (0x000007feec4c5cc8) Stack Init fffff8801557add0 Current fffff8801557a180 Base fffff8801557b000 Limit fffff88015575000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003f1fb00 Cid 0270.086c Teb: 000007f79c2f4000 Win32Thread: fffff901006b53a0 WAIT: (UserRequest) UserMode Non-Alertable fffffa800393fc90 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740796 Ticks: 332 (0:00:00:05.179) Context Switch Count 719 IdealProcessor: 0 UserTime 00:00:00.249 KernelTime 00:00:00.046 Win32 Start Address MSSRCH!CRobotThread::Thread (0x000007feec5626d0) Stack Init fffff8801650add0 Current fffff8801650a0f0 Base fffff8801650b000 Limit fffff88016505000 Call 0 Priority 8 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003b03080 Cid 0270.08ec Teb: 000007f79c2f2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f8be90 NotificationEvent fffffa8003882380 NotificationEvent fffffa8003ee2c50 NotificationEvent IRP List: fffffa80018ad010: (0006,03e8) Flags: 00060800 Mdl: fffffa8004144300 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740132 Ticks: 996 (0:00:00:15.537) Context Switch Count 11133 IdealProcessor: 0 UserTime 00:00:00.499 KernelTime 00:00:00.499 Win32 Start Address MSSRCH!CUsnMonitorNotifier::MonitorThreadStatic (0x000007feec55cc48) Stack Init fffff88016511dd0 Current fffff88016511180 Base fffff88016512000 Limit fffff8801650c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001df9900 Cid 0270.0778 Teb: 
000007f79c2f0000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8001c40640 NotificationEvent IRP List: fffffa800261ed40: (0006,01f0) Flags: 00060900 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740879 Ticks: 249 (0:00:00:03.884) Context Switch Count 337 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.000 Win32 Start Address TQUERY!CThread::_ThreadFunction (0x000007feec7619e0) Stack Init fffff880165ffdd0 Current fffff880165ff900 Base fffff88016600000 Limit fffff880165fa000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80038857c0 Cid 0270.0ee8 Teb: 000007f79c423000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80037a1680 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80038e6940 Image: SearchIndexer.exe Attached Process N/A Image: N/A Wait Start TickCount 15708736 Ticks: 32392 (0:00:08:25.318) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015887dd0 Current fffff88015887760 Base fffff88015888000 Limit fffff88015882000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8001c4b080 SessionId: 0 Cid: 0ba8 Peb: 7f765435000 ParentCid: 0220 DirBase: 3c709000 ObjectTable: fffff8a000643200 HandleCount: Image: wmpnetwk.exe VadRoot fffffa8003012a20 Vads 151 Clone 0 Private 1119. Modified 1203. Locked 38. 
DeviceMap fffff8a0007b8aa0 Token fffff8a0066c3940 ElapsedTime 2 Days 20:05:55.272 UserTime 00:00:00.000 KernelTime 00:00:00.078 QuotaPoolUsage[PagedPool] 170680 QuotaPoolUsage[NonPagedPool] 25888 Working Set Sizes (now,min,max) (2099, 50, 345) (8396KB, 200KB, 1380KB) PeakWorkingSetSize 4035 VirtualSize 83 Mb PeakVirtualSize 86 Mb PageFaultCount 7272 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 1441 Setting context for this process... .process /p /r fffffa8001c4b080 !peb PEB at 000007f765435000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f765da0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000072b7ae1a70 . 00000072b8d28010 Ldr.InLoadOrderModuleList: 00000072b7ae1bd0 . 00000072b8d27ff0 Ldr.InMemoryOrderModuleList: 00000072b7ae1be0 . 00000072b8d28000 Base TimeStamp Module 7f765da0000 505a9af1 Sep 20 05:26:25 2012 C:\Program Files\Windows Media Player\wmpnetwk.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef0ec0000 5010a986 Jul 26 03:20:54 2012 C:\WINDOWS\SYSTEM32\WSOCK32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\USERENV.dll 7feec170000 501089f6 Jul 26 01:06:14 2012 
C:\WINDOWS\SYSTEM32\Cabinet.dll 7fef3820000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\SYSTEM32\NETAPI32.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\WTSAPI32.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\SYSTEM32\PROPSYS.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\XmlLite.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\system32\combase.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\SYSTEM32\WINNSI.DLL 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\SYSTEM32\profapi.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\SYSTEM32\netutils.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\WINDOWS\SYSTEM32\srvcli.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\SYSTEM32\wkscli.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\SYSTEM32\WINSTA.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\SHCORE.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef5620000 501081c1 Jul 26 00:31:13 
2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feefc50000 5010a84b Jul 26 03:15:39 2012 C:\WINDOWS\SYSTEM32\LINKINFO.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\SYSTEM32\apphelp.dll 7fee97e0000 50108ecf Jul 26 01:26:55 2012 C:\WINDOWS\system32\NetworkExplorer.dll 7feefcc0000 50108aeb Jul 26 01:10:19 2012 C:\WINDOWS\SYSTEM32\MPR.dll 7feed800000 5010a7dd Jul 26 03:13:49 2012 C:\WINDOWS\System32\drprov.dll 7feed610000 5010899a Jul 26 01:04:42 2012 C:\WINDOWS\System32\ntlanman.dll 7feed5f0000 50109f75 Jul 26 02:37:57 2012 C:\WINDOWS\System32\davclnt.dll 7feed5e0000 5010a9ce Jul 26 03:22:06 2012 C:\WINDOWS\System32\DAVHLPR.dll 7feec6d0000 505a97d5 Sep 20 05:13:09 2012 C:\WINDOWS\system32\tquery.dll 7fee96d0000 505a923d Sep 20 04:49:17 2012 C:\WINDOWS\SYSTEM32\wmpmde.dll 7fee9600000 505a965d Sep 20 05:06:53 2012 C:\WINDOWS\SYSTEM32\MFPlat.DLL 7fef2e30000 505ab36d Sep 20 07:10:53 2012 C:\WINDOWS\SYSTEM32\AVRT.dll 7fee9c40000 505ab510 Sep 20 07:17:52 2012 C:\WINDOWS\SYSTEM32\mfcore.dll 7feefcf0000 50108849 Jul 26 00:59:05 2012 C:\WINDOWS\SYSTEM32\ksuser.dll 7feebc50000 50108abe Jul 26 01:09:34 2012 C:\WINDOWS\SYSTEM32\HTTPAPI.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fee9560000 505a937e Sep 20 04:54:38 2012 C:\WINDOWS\system32\WinSATAPI.dll 7fef2380000 505a9aaa Sep 20 05:25:14 2012 C:\WINDOWS\system32\dxgi.dll 7fef6380000 50108728 Jul 26 00:54:16 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16384_none_72771d4ecc1c3a4d\gdiplus.dll 7fee9430000 5010adc4 Jul 26 03:39:00 2012 C:\Windows\System32\msmpeg2enc.dll 7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\Windows\System32\slc.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7feed870000 501087a9 Jul 26 
00:56:25 2012 C:\WINDOWS\system32\mlang.dll 7fee9390000 505aa5d5 Sep 20 06:12:53 2012 C:\WINDOWS\System32\StructuredQuery.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\System32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\SSPICLI.DLL 7feeae40000 50108080 Jul 26 00:25:52 2012 C:\WINDOWS\system32\upnphost.dll 7feeef00000 5010a92b Jul 26 03:19:23 2012 C:\WINDOWS\system32\SSDPAPI.dll 7feec140000 501087d9 Jul 26 00:57:13 2012 C:\WINDOWS\system32\wbem\wbemprox.dll 7feeeae0000 5010880b Jul 26 00:58:03 2012 C:\WINDOWS\SYSTEM32\wbemcomn.dll 7fef1f50000 501089e9 Jul 26 01:06:01 2012 C:\WINDOWS\system32\wbem\wbemsvc.dll 7feebc60000 501087eb Jul 26 00:57:31 2012 C:\WINDOWS\system32\wbem\fastprox.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\Windows\System32\FirewallAPI.dll 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll 7feefc60000 505a94c2 Sep 20 05:00:02 2012 C:\WINDOWS\system32\mssprxy.dll 7feec0d0000 5010804c Jul 26 00:25:00 2012 C:\WINDOWS\System32\provsvc.dll SubSystemData: 0000000000000000 ProcessHeap: 00000072b7ae0000 ProcessParameters: 00000072b7ae11f0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\Program Files\Windows Media Player\wmpnetwk.exe' ImageFile: 'C:\Program Files\Windows Media Player\wmpnetwk.exe' CommandLine: '"C:\Program Files\Windows Media Player\wmpnetwk.exe"' DllPath: '< Name not readable >' Environment: 00000072b7af57a0 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\NetworkService\AppData\Local NUMBER_OF_PROCESSORS=2 OANOCACHE=1 OS=Windows_NT 
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp TMP=C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\Windows\ServiceProfiles\NetworkService windir=C:\WINDOWS THREAD fffffa80018a6080 Cid 0ba8.03f8 Teb: 000007f76543e000 Win32Thread: fffff901006ef290 WAIT: (UserRequest) UserMode Non-Alertable fffffa80033e5220 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 147 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.046 Win32 Start Address wmpnetwk!wWinMainCRTStartup (0x000007f765e6d170) Stack Init fffff88015ecadd0 Current fffff88015eca900 Base fffff88015ecb000 Limit fffff88015ec5000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001c8e680 Cid 0ba8.0820 Teb: 000007f765438000 Win32Thread: fffff901006f5010 WAIT: (UserRequest) UserMode Alertable fffffa8001d4b860 SynchronizationEvent fffffa8001ca5130 SynchronizationEvent fffffa8001d4d740 NotificationEvent fffffa8003818f20 SynchronizationEvent fffffa8003ea24e0 SynchronizationEvent fffffa8003e03140 SynchronizationEvent fffffa8001c09420 SynchronizationEvent fffffa8003ea2460 SynchronizationEvent fffffa8003863310 SynchronizationEvent IRP List: fffffa8003704c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15682130 Ticks: 58998 (0:00:15:20.374) Context Switch Count 727 IdealProcessor: 0 UserTime 00:00:00.140 KernelTime 00:00:00.062 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff88016565dd0 Current fffff88016565180 Base fffff88016566000 Limit fffff88016560000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001ca1b00 Cid 0ba8.05f4 Teb: 000007f76530e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c0ad30 SynchronizationEvent fffffa8001c0acb0 SynchronizationEvent fffffa8003982ce0 NotificationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 27465 Ticks: 15713663 (2:20:05:34.713) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wmpnetwk!ATL::CWorkerThread::_WorkerThreadProc (0x000007f765de565c) Stack Init fffff880154e1dd0 Current fffff880154e1180 Base fffff880154e2000 Limit fffff880154dc000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001cd9800 Cid 0ba8.07f4 Teb: 000007f76530c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c11c50 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 27466 Ticks: 15713662 (2:20:05:34.698) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wmpnetwk!CHMESharedLibraryMonitor::_RegistryWatchProc (0x000007f765e1e828) Stack Init fffff88015478dd0 Current fffff88015478900 Base fffff88015479000 Limit fffff88015473000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c55b00 Cid 0ba8.033c Teb: 000007f76530a000 Win32Thread: fffff901006f2710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bf3db0 SynchronizationEvent fffffa8003bdea28 NotificationEvent fffffa8003db1798 NotificationEvent IRP List: fffffa80018cac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15682395 Ticks: 58733 (0:00:15:16.240) Context Switch Count 818 IdealProcessor: 0 UserTime 00:00:00.655 KernelTime 00:00:00.468 Win32 Start Address wmpnetwk!CHMELibraryPathMonitor::_FolderWatchProc (0x000007f765e1f45c) Stack Init fffff880154e8dd0 Current fffff880154e8180 Base fffff880154e9000 Limit fffff880154e3000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001cc3080 Cid 0ba8.055c Teb: 000007f765306000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa8001c89ac0 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 28059 Ticks: 15713069 (2:20:05:25.447) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015f2cdd0 Current fffff88015f2c7a0 Base fffff88015f2d000 Limit fffff88015f27000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001cc3700 Cid 0ba8.05dc Teb: 000007f765304000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001c89a00 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 28062 Ticks: 15713066 (2:20:05:25.400) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015045dd0 Current fffff88015045760 Base fffff88015046000 Limit fffff88015040000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001c73b00 Cid 0ba8.06b0 Teb: 000007f765302000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c85e10 NotificationEvent fffffa8001c85e90 SynchronizationEvent Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15683120 Ticks: 58008 (0:00:15:04.930) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wmpnetwk!CRMELibraryInfoResponder::_RefreshPortsThread (0x000007f765e3d394) Stack Init fffff88015f4fdd0 Current fffff88015f4f180 Base fffff88015f50000 Limit fffff88015f4a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001d7f080 Cid 0ba8.0ad4 Teb: 000007f7652fa000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d81460 NotificationEvent fffffa8001c6e960 SynchronizationTimer Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15740879 Ticks: 249 (0:00:00:03.884) Context Switch Count 397 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address tquery!CRowsetAsynchNotification::_NotifyThread (0x000007feec7718e8) Stack Init fffff88016334dd0 Current fffff88016334180 Base fffff88016335000 Limit fffff8801632f000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800419c9c0 Cid 0ba8.03dc Teb: 000007f765308000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dc8b80 QueueObject IRP List: fffffa8001c62230: (0006,0118) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15692903 Ticks: 48225 (0:00:12:32.314) Context Switch Count 411 
IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170b5dd0 Current fffff880170b5760 Base fffff880170b6000 Limit fffff880170b0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001df5080 Cid 0ba8.0cb8 Teb: 000007f765300000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003dc8b80 QueueObject Not impersonating DeviceMap fffff8a0007b8aa0 Owning Process fffffa8001c4b080 Image: wmpnetwk.exe Attached Process N/A Image: N/A Wait Start TickCount 15679441 Ticks: 61687 (0:00:16:02.323) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017580dd0 Current fffff88017580760 Base fffff88017581000 Limit fffff8801757b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8001d07940 SessionId: 1 Cid: 0acc Peb: 7f68f055000 ParentCid: 0ae4 DirBase: 3b81b000 ObjectTable: 00000000 HandleCount: 0. Image: explorer.exe VadRoot 0000000000000000 Vads 0 Clone 0 Private 6. Modified 11652. Locked 0. DeviceMap fffff8a006b36d60 Token fffff8a001380060 ElapsedTime 2 Days 20:05:20.434 UserTime 00:00:02.698 KernelTime 00:00:02.808 QuotaPoolUsage[PagedPool] 0 QuotaPoolUsage[NonPagedPool] 0 Working Set Sizes (now,min,max) (5, 50, 345) (20KB, 200KB, 1380KB) PeakWorkingSetSize 26782 VirtualSize 0 Mb PeakVirtualSize 513 Mb PageFaultCount 64065 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 0 Setting context for this process... .process /p /r fffffa8001d07940 !peb PEB at 000007f68f055000 error 1 InitTypeRead( nt!_PEB at 000007f68f055000)... No active threads PROCESS fffffa8001f4b940 SessionId: 2 Cid: 0a3c Peb: 7f6a5f5f000 ParentCid: 011c DirBase: 604c7000 ObjectTable: 00000000 HandleCount: 0. 
Image: smss.exe VadRoot 0000000000000000 Vads 0 Clone 0 Private 6. Modified 16. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a001ae65e0 ElapsedTime 2 Days 19:55:57.065 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 1088 QuotaPoolUsage[NonPagedPool] 0 Working Set Sizes (now,min,max) (5, 50, 345) (20KB, 200KB, 1380KB) PeakWorkingSetSize 158 VirtualSize 0 Mb PeakVirtualSize 5 Mb PageFaultCount 156 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 0 Setting context for this process... .process /p /r fffffa8001f4b940 !peb PEB at 000007f6a5f5f000 error 1 InitTypeRead( nt!_PEB at 000007f6a5f5f000)... No active threads PROCESS fffffa80020b0080 SessionId: 2 Cid: 0cdc Peb: 7f768c3f000 ParentCid: 0a3c DirBase: 5e728000 ObjectTable: fffff8a0035fd400 HandleCount: Image: csrss.exe VadRoot fffffa800215e1b0 Vads 92 Clone 0 Private 251. Modified 3384. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a00353a060 ElapsedTime 2 Days 19:55:56.909 UserTime 00:00:00.000 KernelTime 00:00:00.795 QuotaPoolUsage[PagedPool] 150264 QuotaPoolUsage[NonPagedPool] 18688 Working Set Sizes (now,min,max) (1068, 50, 345) (4272KB, 200KB, 1380KB) PeakWorkingSetSize 9535 VirtualSize 57 Mb PeakVirtualSize 61 Mb PageFaultCount 99816 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 442 Setting context for this process... .process /p /r fffffa80020b0080 !peb PEB at 000007f768c3f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f7697f0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000005c8d171680 . 0000005c8d18a990 Ldr.InLoadOrderModuleList: 0000005c8d1717e0 . 0000005c8d18adf0 Ldr.InMemoryOrderModuleList: 0000005c8d1717f0 . 
0000005c8d18ae00 Base TimeStamp Module 7f7697f0000 5010ac39 Jul 26 03:32:25 2012 C:\WINDOWS\system32\csrss.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef4e80000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\system32\CSRSRV.dll 7fef4e60000 5010ac2a Jul 26 03:32:10 2012 C:\WINDOWS\system32\basesrv.DLL 7fef4e20000 505a9a3c Sep 20 05:23:24 2012 C:\WINDOWS\system32\winsrv.DLL 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\SYSTEM32\kernelbase.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\SYSTEM32\kernel32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef4e10000 5010aa9e Jul 26 03:25:34 2012 C:\WINDOWS\system32\sxssrv.DLL 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\system32\sxs.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll SubSystemData: 0000000000000000 ProcessHeap: 0000005c8d170000 ProcessParameters: 0000005c8d170d00 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: '< Name not readable >' ImageFile: 'C:\WINDOWS\system32\csrss.exe' CommandLine: '%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16' DllPath: '< Name not readable >' Environment: 0000005c8d170860 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 
PROCESSOR_REVISION=0f0b PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM windir=C:\WINDOWS THREAD fffffa8001c22080 Cid 0cdc.03d8 Teb: 000007f768c3b000 Win32Thread: fffff901000bab90 WAIT: (WrLpcReply) UserMode Non-Alertable fffffa8001c22428 Semaphore Limit 0x1 Waiting for reply to ALPC Message fffff8a00311e770 : queued at port fffffa8003781330 : owned by process fffffa8003740540 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15680789 Ticks: 60339 (0:00:15:41.294) Context Switch Count 136 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address winsrv!TerminalServerRequestThread (0x000007fef4e21cb0) Stack Init fffff880170aedd0 Current fffff880170ae660 Base fffff880170af000 Limit fffff880170a9000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002126b00 Cid 0cdc.0a20 Teb: 000007f768c39000 Win32Thread: fffff90100661b90 WAIT: (UserRequest) UserMode Alertable fffffa80018936a0 SynchronizationEvent fffffa8001fb3fe0 SynchronizationEvent fffffa80033e2ee0 SynchronizationEvent fffffa80033ee280 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15680790 Ticks: 60338 (0:00:15:41.278) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.358 Win32 Start Address winsrv!NotificationThread (0x000007fef4e21630) Stack Init fffff880165a6dd0 Current fffff880165a6180 Base fffff880165a7000 Limit fffff880165a1000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001f57080 Cid 0cdc.0a04 Teb: 000007f768c35000 Win32Thread: fffff901000b7220 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa8001f57428 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741024 Ticks: 104 (0:00:00:01.622) Context Switch Count 328 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.093 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff88017045dd0 Current fffff88017045750 Base fffff88017046000 Limit fffff88017040000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80021a5b00 Cid 0cdc.0a84 Teb: 000007f768c33000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80021a5ea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 65253 Ticks: 15675875 (2:19:55:45.217) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address CSRSRV!CsrSbApiRequestThread (0x000007fef4e83d10) Stack Init fffff880165addd0 Current fffff880165ad7a0 Base fffff880165ae000 Limit fffff880165a8000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa800207fb00 Cid 0cdc.0e6c Teb: 000007f768c3d000 Win32Thread: fffff90100755680 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa800207fea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741089 Ticks: 39 (0:00:00:00.608) Context Switch Count 343 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.046 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff880171e7dd0 Current fffff880171e7750 Base fffff880171e8000 Limit fffff880171e2000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80021ca080 Cid 0cdc.0868 Teb: 000007f768b0e000 Win32Thread: fffff901001a9b90 WAIT: (WrUserRequest) KernelMode Alertable fffffa80020e4cb0 SynchronizationEvent fffffa8001e4ea00 NotificationTimer fffffa8003de3c00 SynchronizationTimer fffffa8001990080 SynchronizationEvent IRP List: fffffa800267c6a0: (0006,0478) Flags: 00060970 Mdl: 00000000 fffffa80021bdc10: (0006,03e8) Flags: 00060900 Mdl: fffffa8002c89a60 fffffa8002137c10: (0006,03e8) Flags: 00060900 Mdl: fffffa8003e0b1a0 fffffa8001ed1b40: (0006,04c0) Flags: 00060900 Mdl: fffffa80037d1010 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 47974 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.577 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff8801718edd0 Current fffff8801718e810 Base fffff8801718f000 Limit fffff88017189000 Call 0 Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800419ab00 Cid 0cdc.0bfc Teb: 000007f768b0c000 Win32Thread: fffff901001af850 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8002dd7320 SynchronizationEvent fffffa8003f11640 SynchronizationEvent 
fffffa80020fc060 SynchronizationEvent IRP List: fffffa8003f3dab0: (0006,0550) Flags: 00060970 Mdl: 00000000 fffffa8002599b80: (0006,0478) Flags: 00060970 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 45172 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:01.965 Win32 Start Address winsrv!StartCreateSystemThreads (0x000007fef4e22bd0) Stack Init fffff88017318dd0 Current fffff880173187e0 Base fffff88017319000 Limit fffff88017313000 Call 0 Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80041b2b00 Cid 0cdc.0e94 Teb: 000007f768b0a000 Win32Thread: fffff901000ec4d0 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80041b2ea8 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15740890 Ticks: 238 (0:00:00:03.712) Context Switch Count 299 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.046 Win32 Start Address CSRSRV!CsrApiRequestThread (0x000007fef4e84a3c) Stack Init fffff88017378dd0 Current fffff88017378750 Base fffff88017379000 Limit fffff88017373000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003625080 Cid 0cdc.0344 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff8801503eb90 NotificationTimer fffffa8003db3180 SynchronizationEvent fffffa8003dd9820 SynchronizationEvent fffffa8002c46b60 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015) Context Switch Count 15913 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.530 Win32 Start Address cdd!PresentWorkerThread 
(0xfffff960008a95e8) Stack Init fffff8801503edd0 Current fffff8801503e820 Base fffff8801503f000 Limit fffff88015039000 Call 0 Priority 14 BasePriority 14 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80033cc080 Cid 0cdc.0d0c Teb: 000007f768b08000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable fffffa80033cc428 Semaphore Limit 0x1 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa80020b0080 Image: csrss.exe Attached Process N/A Image: N/A Wait Start TickCount 65556 Ticks: 15675572 (2:19:55:40.490) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address winsrv!AutoRotationRequestThread (0x000007fef4e21910) Stack Init fffff88017267dd0 Current fffff88017267750 Base fffff88017268000 Limit fffff88017262000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa800417d940 SessionId: 2 Cid: 0a28 Peb: 7f66fc54000 ParentCid: 0a3c DirBase: 6d36d000 ObjectTable: fffff8a00192a600 HandleCount: Image: winlogon.exe VadRoot fffffa80038c8e30 Vads 54 Clone 0 Private 184. Modified 1018. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a006dc9b00 ElapsedTime 2 Days 19:55:55.536 UserTime 00:00:00.000 KernelTime 00:00:00.015 QuotaPoolUsage[PagedPool] 102496 QuotaPoolUsage[NonPagedPool] 7040 Working Set Sizes (now,min,max) (1170, 50, 345) (4680KB, 200KB, 1380KB) PeakWorkingSetSize 2185 VirtualSize 46 Mb PeakVirtualSize 67 Mb PageFaultCount 2802 MemoryPriority BACKGROUND BasePriority 13 CommitCharge 291 Setting context for this process... .process /p /r fffffa800417d940 !peb PEB at 000007f66fc54000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f670420000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000596b721500 . 000000596b72c4a0 Ldr.InLoadOrderModuleList: 000000596b721660 . 
000000596b72c480 Ldr.InMemoryOrderModuleList: 000000596b721670 . 000000596b72c490 Base TimeStamp Module 7f670420000 505a996c Sep 20 05:19:56 2012 C:\WINDOWS\System32\WinLogon.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\System32\samcli.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\System32\WINSTA.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\System32\WTSAPI32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\System32\profapi.dll 7fef3d70000 505ab02f Sep 20 06:57:03 2012 C:\WINDOWS\System32\UXINIT.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\System32\UxTheme.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.DLL 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\SspiCli.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7feefcc0000 50108aeb Jul 26 01:10:19 2012 C:\WINDOWS\System32\MPR.dll SubSystemData: 0000000000000000 ProcessHeap: 000000596b720000 ProcessParameters: 000000596b720d00 CurrentDirectory: 
'C:\WINDOWS\System32\' WindowTitle: '< Name not readable >' ImageFile: 'C:\WINDOWS\System32\WinLogon.exe' CommandLine: 'C:\WINDOWS\System32\WinLogon.exe -SpecialSession' DllPath: '< Name not readable >' Environment: 000000596b72e4a0 ALLUSERSPROFILE=C:\ProgramData CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERNAME=SYSTEM USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8002112b00 Cid 0a28.0520 Teb: 000007f66fc5e000 Win32Thread: fffff901000b8360 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003fcb740 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800417d940 Image: winlogon.exe Attached Process N/A Image: N/A Wait Start TickCount 15681145 Ticks: 59983 (0:00:15:35.740) Context Switch Count 375 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.327 Win32 Start Address WinLogon!WinMainCRTStartup (0x000007f670437010) Stack Init fffff8801706fdd0 Current fffff8801706f900 Base fffff88017070000 Limit fffff8801706a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001f2bb00 Cid 0a28.0d98 Teb: 000007f66fc5a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003013100 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800417d940 Image: winlogon.exe Attached Process N/A Image: N/A Wait Start TickCount 65543 Ticks: 15675585 (2:19:55:40.693) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017241dd0 Current fffff88017241760 Base fffff88017242000 Limit fffff8801723c000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c20b00 Cid 0a28.0bcc Teb: 000007f66fb2e000 Win32Thread: fffff901000eeb90 WAIT: (WrQueue) UserMode Alertable fffffa8003977b80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800417d940 Image: winlogon.exe Attached Process N/A Image: N/A Wait Start TickCount 15680821 Ticks: 60307 (0:00:15:40.795) Context Switch Count 134 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801737fdd0 Current fffff8801737f760 Base fffff88017380000 Limit fffff8801737a000 Call 0 Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8001f413c0 SessionId: 2 Cid: 0dac Peb: 7f7df883000 ParentCid: 0a28 DirBase: 38e80000 ObjectTable: 00000000 HandleCount: 0. Image: LogonUI.exe VadRoot 0000000000000000 Vads 0 Clone 0 Private 6. Modified 371. Locked 0. 
    DeviceMap fffff8a00000c340
    Token fffff8a007f0fb00
    ElapsedTime 2 Days 19:55:53.967
    UserTime 00:00:00.202
    KernelTime 00:00:00.140
    QuotaPoolUsage[PagedPool] 2448
    QuotaPoolUsage[NonPagedPool] 0
    Working Set Sizes (now,min,max) (5, 50, 345) (20KB, 200KB, 1380KB)
    PeakWorkingSetSize 7373
    VirtualSize 0 Mb
    PeakVirtualSize 229 Mb
    PageFaultCount 9442
    MemoryPriority BACKGROUND
    BasePriority 13
    CommitCharge 0

Setting context for this process...
.process /p /r fffffa8001f413c0
!peb
PEB at 000007f7df883000
error 1 InitTypeRead( nt!_PEB at 000007f7df883000)...

No active threads

PROCESS fffffa8002109940
    SessionId: 2 Cid: 06f8 Peb: 7f7f6aa3000 ParentCid: 0a28
    DirBase: 6f209000 ObjectTable: fffff8a001ea0e40 HandleCount:
    Image: dwm.exe
    VadRoot fffffa8002698970 Vads 139 Clone 0 Private 3052. Modified 6608. Locked 623.
    DeviceMap fffff8a001f34aa0
    Token fffff8a00193f9b0
    ElapsedTime 2 Days 19:55:53.967
    UserTime 00:00:00.171
    KernelTime 00:00:00.078
    QuotaPoolUsage[PagedPool] 306440
    QuotaPoolUsage[NonPagedPool] 17856
    Working Set Sizes (now,min,max) (6437, 50, 345) (25748KB, 200KB, 1380KB)
    PeakWorkingSetSize 9820
    VirtualSize 176 Mb
    PeakVirtualSize 254 Mb
    PageFaultCount 45073
    MemoryPriority BACKGROUND
    BasePriority 13
    CommitCharge 13202

Setting context for this process...
.process /p /r fffffa8002109940
!peb
PEB at 000007f7f6aa3000
    InheritedAddressSpace: No
    ReadImageFileExecOptions: No
    BeingDebugged: No
    ImageBaseAddress: 000007f7f6f40000
    Ldr 000007fef7ff88a0
    Ldr.Initialized: Yes
    Ldr.InInitializationOrderModuleList: 000000cd54841800 . 000000cd57ebee00
    Ldr.InLoadOrderModuleList: 000000cd54841960 . 000000cd57ebede0
    Ldr.InMemoryOrderModuleList: 000000cd54841970 . 000000cd57ebedf0
        Base TimeStamp Module
        7f7f6f40000 505a9726 Sep 20 05:10:14 2012 C:\WINDOWS\System32\dwm.exe
        7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll
        7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL
        7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll
        7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll
        7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll
        7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll
        7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.dll
        7fef3520000 505a999e Sep 20 05:20:46 2012 C:\WINDOWS\System32\dwmredir.dll
        7fef2c00000 505a9729 Sep 20 05:10:17 2012 C:\WINDOWS\System32\dwmcore.dll
        7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll
        7fef29d0000 501089dc Jul 26 01:05:48 2012 C:\WINDOWS\System32\dcomp.dll
        7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll
        7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll
        7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll
        7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll
        7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\System32\WindowsCodecs.dll
        7fef1b90000 501087bd Jul 26 00:56:45 2012 C:\WINDOWS\System32\d3d10_1.dll
        7fef1090000 501087ec Jul 26 00:57:32 2012 C:\WINDOWS\System32\d3d10_1core.dll
        7fef2380000 505a9aaa Sep 20 05:25:14 2012 C:\WINDOWS\System32\dxgi.dll
        7fef1fb0000 505a98f1 Sep 20 05:17:53 2012 C:\WINDOWS\System32\d3d11.dll
        7fee9f00000 4f6bfb79 Mar 23 04:26:33 2012 C:\WINDOWS\System32\igd10umd64.dll
        7feeff50000 505a95fa Sep 20 05:05:14 2012 C:\WINDOWS\System32\uDWM.dll
        7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\WINDOWS\System32\slc.dll
        7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll
        7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.dll
        7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll
        7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll
        7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll
        7fef1b10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\System32\UIAnimation.dll
        7fee7e50000 505a9a61 Sep 20 05:24:01 2012 C:\WINDOWS\System32\d2d1.dll
        7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\XmlLite.dll
        7fef14a0000 505a9a60 Sep 20 05:24:00 2012 C:\WINDOWS\System32\d3d10warp.dll
    SubSystemData: 0000000000000000
    ProcessHeap: 000000cd54840000
    ProcessParameters: 000000cd54841030
    CurrentDirectory: 'C:\WINDOWS\System32\'
    WindowTitle: 'dwm.exe'
    ImageFile: 'C:\WINDOWS\System32\dwm.exe'
    CommandLine: ' -hiberboot'
    DllPath: '< Name not readable >'
    Environment: 000000cd54840860
        ALLUSERSPROFILE=C:\ProgramData
        CommonProgramFiles=C:\Program Files\Common Files
        CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
        CommonProgramW6432=C:\Program Files\Common Files
        COMPUTERNAME=MACAIR1
        ComSpec=C:\WINDOWS\system32\cmd.exe
        FP_NO_HOST_CHECK=NO
        NUMBER_OF_PROCESSORS=2
        OS=Windows_NT
        Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\
        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
        PROCESSOR_ARCHITECTURE=AMD64
        PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
        PROCESSOR_LEVEL=6
        PROCESSOR_REVISION=0f0b
        ProgramData=C:\ProgramData
        ProgramFiles=C:\Program Files
        ProgramFiles(x86)=C:\Program Files (x86)
        ProgramW6432=C:\Program Files
        PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
        PUBLIC=C:\Users\Public
        SystemDrive=C:
        SystemRoot=C:\WINDOWS
        TEMP=C:\WINDOWS\TEMP
        TMP=C:\WINDOWS\TEMP
        USERNAME=SYSTEM
        USERPROFILE=C:\WINDOWS\system32\config\systemprofile
        windir=C:\WINDOWS

        THREAD fffffa80020c9b00 Cid 06f8.06c4 Teb: 000007f7f6aae000 Win32Thread: fffff90100668710 WAIT: (UserRequest) UserMode Non-Alertable
            fffffa80040a7c60 SynchronizationEvent
            fffffa800413ac40 SynchronizationEvent
            fffffa80038b18c0 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a001f34aa0
        Owning Process fffffa8002109940 Image: dwm.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15686357 Ticks: 54771 (0:00:14:14.433)
        Context Switch Count 116 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.046
        Win32 Start Address dwm!WinMainStartup (0x000007f7f6f45de0)
        Stack Init fffff88017363dd0 Current fffff88017363180
        Base fffff88017364000 Limit fffff8801735e000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        Kernel stack not resident.

        THREAD fffffa8001db2740 Cid 06f8.00c4 Teb: 000007f7f6aaa000 Win32Thread: fffff90100664b90 WAIT: (UserRequest) UserMode Non-Alertable
            fffffa8002761a30 Semaphore Limit 0x7fffffff
            fffffa80031ab3c0 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a001f34aa0
        Owning Process fffffa8002109940 Image: dwm.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15741128 Ticks: 0
        Context Switch Count 17216 IdealProcessor: 0
        UserTime 00:00:00.249
        KernelTime 00:00:00.327
        Win32 Start Address dwm!CPortBase::PortThread (0x000007f7f6f44380)
        Stack Init fffff8801705add0 Current fffff8801705a180
        Base fffff8801705b000 Limit fffff88017055000 Call 0
        Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001e3f680 Cid 06f8.0f30 Teb: 000007f7f6aa4000 Win32Thread: fffff9010060bb90 WAIT: (UserRequest) KernelMode Alertable
            fffffa8003ed20f0 NotificationEvent
            fffffa8003feafe0 NotificationEvent
            fffffa8003896670 NotificationEvent
            fffffa8002670e60 NotificationEvent
        Not impersonating
        DeviceMap fffff8a001f34aa0
        Owning Process fffffa8002109940 Image: dwm.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15741122 Ticks: 6 (0:00:00:00.093)
        Context Switch Count 8229 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.109
        Win32 Start Address dwmcore!CLocalSurfaceManager::s_TokenThreadMain (0x000007fef2c98060)
        Stack Init fffff88016431dd0 Current fffff88016430ce0
        Base fffff88016432000 Limit fffff8801642c000 Call 0
        Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001cc4b00 Cid 06f8.0960 Teb: 000007f7f6aa8000 Win32Thread: fffff9010060cb90 WAIT: (UserRequest) KernelMode Non-Alertable
            fffffa8003fe6318 NotificationEvent
        Not impersonating
        DeviceMap fffff8a001f34aa0
        Owning Process fffffa8002109940 Image: dwm.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15741128 Ticks: 0
        Context Switch Count 14600 IdealProcessor: 0
        UserTime 00:00:05.725
        KernelTime 00:00:02.652
        Win32 Start Address dwmcore!CPartitionThread::ThreadMain (0x000007fef2c969b0)
        Stack Init fffff88016423dd0 Current fffff88016423600
        Base fffff88016424000 Limit fffff8801641e000 Call 0
        Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8001d01080 Cid 06f8.0d08 Teb: 000007f7f6aa6000 Win32Thread: fffff901001fa830 WAIT: (UserRequest) UserMode Alertable
            fffffa8002dfc460 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a001f34aa0
        Owning Process fffffa8002109940 Image: dwm.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15730707 Ticks: 10421 (0:00:02:42.568)
        Context Switch Count 48 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address uDWM!CDesktopManager::DwmEventThreadProc (0x000007feeff5e3d0)
        Stack Init fffff8801627edd0 Current fffff8801627e0f0
        Base fffff8801627f000 Limit fffff88016279000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        Kernel stack not resident.

        THREAD fffffa8003e75680 Cid 06f8.0600 Teb: 000007f7f697c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable
            fffffa8001dde1c0 QueueObject
        Not impersonating
        DeviceMap fffff8a001f34aa0
        Owning Process fffffa8002109940 Image: dwm.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15698397 Ticks: 42731 (0:00:11:06.607)
        Context Switch Count 76 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
        Stack Init fffff880170dfdd0 Current fffff880170df760
        Base fffff880170e0000 Limit fffff880170da000 Call 0
        Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        Kernel stack not resident.

PROCESS fffffa8002cf71c0
    SessionId: 2 Cid: 02a0 Peb: 7f7ccb0e000 ParentCid: 0220
    DirBase: 0f530000 ObjectTable: fffff8a006786500 HandleCount:
    Image: taskhostex.exe
    VadRoot fffffa8002199f80 Vads 236 Clone 0 Private 1375. Modified 234. Locked 0.
    DeviceMap fffff8a000290b20
    Token fffff8a007e27060
    ElapsedTime 00:15:41.330
    UserTime 00:00:00.577
    KernelTime 00:00:00.296
    QuotaPoolUsage[PagedPool] 204128
    QuotaPoolUsage[NonPagedPool] 34656
    Working Set Sizes (now,min,max) (3438, 50, 345) (13752KB, 200KB, 1380KB)
    PeakWorkingSetSize 3847
    VirtualSize 243 Mb
    PeakVirtualSize 246 Mb
    PageFaultCount 7514
    MemoryPriority BACKGROUND
    BasePriority 8
    CommitCharge 1826
    Job fffffa8002cfa260

Setting context for this process...
.process /p /r fffffa8002cf71c0
!peb
PEB at 000007f7ccb0e000
    InheritedAddressSpace: No
    ReadImageFileExecOptions: No
    BeingDebugged: No
    ImageBaseAddress: 000007f7cd6a0000
    Ldr 000007fef7ff88a0
    Ldr.Initialized: Yes
    Ldr.InInitializationOrderModuleList: 00000010583819f0 . 00000010583b6400
    Ldr.InLoadOrderModuleList: 0000001058381b50 . 00000010583b63e0
    Ldr.InMemoryOrderModuleList: 0000001058381b60 . 00000010583b63f0
        Base TimeStamp Module
        7f7cd6a0000 505a9a09 Sep 20 05:22:33 2012 C:\WINDOWS\system32\taskhostex.exe
        7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll
        7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL
        7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll
        7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll
        7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll
        7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll
        7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll
        7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll
        7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll
        7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll
        7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\SYSTEM32\user32.dll
        7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll
        7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL
        7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll
        7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll
        7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\system32\dwmapi.dll
        7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll
        7fef3630000 5010a6c7 Jul 26 03:09:11 2012 C:\WINDOWS\System32\PlaySndSrv.dll
        7fef3510000 5010a4dd Jul 26 03:01:01 2012 C:\WINDOWS\system32\MsCtfMonitor.dll
        7feec440000 5010a965 Jul 26 03:20:21 2012 C:\WINDOWS\system32\MSUTB.dll
        7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll
        7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll
        7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\wininet.dll
        7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll
        7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll
        7feeefe0000 5010aad8 Jul 26 03:26:32 2012 C:\WINDOWS\system32\ESENT.dll
        7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll
        7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll
        7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\system32\SHCORE.dll
        7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll
        7fef1070000 501086a8 Jul 26 00:52:08 2012 C:\WINDOWS\system32\WINMM.dll
        7feedb10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\system32\WINMMBASE.dll
        7feefd40000 50109e21 Jul 26 02:32:17 2012 C:\Program Files\Internet Explorer\sqmapi.dll
        7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\system32\POWRPROF.dll
        7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\USERENV.dll
        7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SspiCli.dll
        7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll
    SubSystemData: 0000000000000000
    ProcessHeap: 0000001058380000
    ProcessParameters: 00000010583811e0
    CurrentDirectory: 'C:\WINDOWS\system32\'
    WindowTitle: 'C:\WINDOWS\system32\taskhostex.exe'
    ImageFile: 'C:\WINDOWS\system32\taskhostex.exe'
    CommandLine: 'taskhostex.exe '
    DllPath: '< Name not readable >'
    Environment: 0000001058380860
        ALLUSERSPROFILE=C:\ProgramData
        APPDATA=C:\Users\Dmitry\AppData\Roaming
        CommonProgramFiles=C:\Program Files\Common Files
        CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
        CommonProgramW6432=C:\Program Files\Common Files
        COMPUTERNAME=MACAIR1
        ComSpec=C:\WINDOWS\system32\cmd.exe
        FP_NO_HOST_CHECK=NO
        HOMEDRIVE=C:
        HOMEPATH=\Users\Dmitry
        LOCALAPPDATA=C:\Users\Dmitry\AppData\Local
        LOGONSERVER=\\MicrosoftAccount
        NUMBER_OF_PROCESSORS=2
        OS=Windows_NT
        Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\
        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
        PROCESSOR_ARCHITECTURE=AMD64
        PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
        PROCESSOR_LEVEL=6
        PROCESSOR_REVISION=0f0b
        ProgramData=C:\ProgramData
        ProgramFiles=C:\Program Files
        ProgramFiles(x86)=C:\Program Files (x86)
        ProgramW6432=C:\Program Files
        PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
        PUBLIC=C:\Users\Public
        SystemDrive=C:
        SystemRoot=C:\WINDOWS
        TEMP=C:\Users\Dmitry\AppData\Local\Temp
        TMP=C:\Users\Dmitry\AppData\Local\Temp
        USERDOMAIN=MACAIR1
        USERDOMAIN_ROAMINGPROFILE=MACAIR1
        USERNAME=Dmitry
        USERPROFILE=C:\Users\Dmitry
        windir=C:\WINDOWS

        THREAD fffffa800374a700 Cid 02a0.0980 Teb: 000007f7ccb0c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
            fffffa8003e37f20 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a000290b20
        Owning Process fffffa8002cf71c0 Image: taskhostex.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15680792 Ticks: 60336 (0:00:15:41.247)
        Context Switch Count 26 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.015
        Win32 Start Address taskhostex!wWinMainCRTStartup (0x000007f7cd6a9608)
        Stack Init fffff880163b6dd0 Current fffff880163b6900
        Base fffff880163b7000 Limit fffff880163b1000 Call 0
        Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        Kernel stack not resident.

        THREAD fffffa80039bbb00 Cid 02a0.0f48 Teb: 000007f7ccb08000 Win32Thread: fffff901000ecb90 WAIT: (UserRequest) UserMode Non-Alertable
            fffffa8003e1b3c0 NotificationEvent
            fffffa8003ec84c0 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a000290b20
        Owning Process fffffa8002cf71c0 Image: taskhostex.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15687600 Ticks: 53528 (0:00:13:55.042)
        Context Switch Count 126 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address taskhostex!ComTaskMgrWnd::MsgPumpThreadProc (0x000007f7cd6a458c)
        Stack Init fffff880171aadd0 Current fffff880171aa180
        Base fffff880171ab000 Limit fffff880171a5000 Call 0
        Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        Kernel stack not resident.

        THREAD fffffa80030af080 Cid 02a0.0ba0 Teb: 000007f7cc9da000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
            fffffa800276c5f0 NotificationEvent
            fffffa8003f553e0 NotificationEvent
        IRP List:
            fffffa8001c26010: (0006,0118) Flags: 00060070 Mdl: 00000000
            fffffa8001d7b010: (0006,0118) Flags: 00060070 Mdl: 00000000
            fffffa8001d4aaf0: (0006,0118) Flags: 00060070 Mdl: 00000000
            fffffa8003f8c310: (0006,0118) Flags: 00060070 Mdl: 00000000
            fffffa8001de9c10: (0006,0118) Flags: 00060070 Mdl: 00000000
            fffffa80040dcb10: (0006,0118) Flags: 00060070 Mdl: 00000000
            fffffa8003f2fee0: (0006,0118) Flags: 00060070 Mdl: 00000000
            fffffa80038bb420: (0006,0118) Flags: 00060070 Mdl: 00000000
            fffffa80037cd590: (0006,0118) Flags: 00060070 Mdl: 00000000
            fffffa8003f49010: (0006,0118) Flags: 00060070 Mdl: 00000000
        Not impersonating
        DeviceMap fffff8a000290b20
        Owning Process fffffa8002cf71c0 Image: taskhostex.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15680792 Ticks: 60336 (0:00:15:41.247)
        Context Switch Count 3 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address PlaySndSrv!CBeepRedirector::WorkThread (0x000007fef36325d8)
        Stack Init fffff8801720add0 Current fffff8801720a180
        Base fffff8801720b000 Limit fffff88017205000 Call 0
        Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        Kernel stack not resident.

        THREAD fffffa80031e7080 Cid 02a0.074c Teb: 000007f7cc9d8000 Win32Thread: fffff9010064a710 WAIT: (UserRequest) UserMode Non-Alertable
            fffffa8002771140 NotificationEvent
            fffffa8003931250 NotificationEvent
            fffffa8001df6490 NotificationEvent
            fffffa8001c81320 NotificationEvent
            fffffa8001cce1e0 NotificationEvent
            fffffa8001ceb320 NotificationEvent
            fffffa8001c94570 NotificationEvent
            fffffa8001c5d710 NotificationEvent
            fffffa8001f96370 NotificationEvent
            fffffa8001d0f2f0 NotificationEvent
            fffffa8004122ee0 NotificationEvent
            fffffa8002df1880 NotificationEvent
            fffffa80032553e0 SynchronizationEvent
            fffffa800210fd60 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a000290b20
        Owning Process fffffa8002cf71c0 Image: taskhostex.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15687600 Ticks: 53528 (0:00:13:55.042)
        Context Switch Count 53 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address MsCtfMonitor!MsCtfMonitor::ThreadProc (0x000007fef3512210)
        Stack Init fffff88017203dd0 Current fffff88017203180
        Base fffff88017204000 Limit fffff880171fe000 Call 0
        Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        Kernel stack not resident.

        THREAD fffffa8001cea840 Cid 02a0.0958 Teb: 000007f7ccb04000 Win32Thread: fffff90100642b90 WAIT: (WrLpcReceive) UserMode Non-Alertable
            fffffa8001ceabe8 Semaphore Limit 0x1
        Not impersonating
        DeviceMap fffff8a000290b20
        Owning Process fffffa8002cf71c0 Image: taskhostex.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15741128 Ticks: 0
        Context Switch Count 797 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.015
        Win32 Start Address MSCTF!CCtfServerPort::StaticServerThread (0x000007fef5d44c84)
        Stack Init fffff880171d2dd0 Current fffff880171d2750
        Base fffff880171d3000 Limit fffff880171cd000 Call 0
        Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa800412a5c0 Cid 02a0.0d70 Teb: 000007f7cc9de000 Win32Thread: fffff90100648610 WAIT: (WrUserRequest) UserMode Non-Alertable
            fffffa800385bc60 SynchronizationEvent
        Not impersonating
        DeviceMap fffff8a000290b20
        Owning Process fffffa8002cf71c0 Image: taskhostex.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15740914 Ticks: 214 (0:00:00:03.338)
        Context Switch Count 214 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address WINMM!mciwindow (0x000007fef1071130)
        Stack Init fffff8801726edd0 Current fffff8801726e5f0
        Base fffff8801726f000 Limit fffff88017269000 Call 0
        Priority 12 BasePriority 10 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8002cfab00 Cid 02a0.00dc Teb: 000007f7cc9d6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable
            fffffa80041a35c0 Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap fffff8a000290b20
        Owning Process fffffa8002cf71c0 Image: taskhostex.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15681194 Ticks: 59934 (0:00:15:34.976)
        Context Switch Count 1 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20)
        Stack Init fffff88017507dd0 Current fffff88017507900
        Base fffff88017508000 Limit fffff88017502000 Call 0
        Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        Kernel stack not resident.

        THREAD fffffa8003ffa900 Cid 02a0.0644 Teb: 000007f7cc9d0000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
            fffffa8003b61500 QueueObject
        Not impersonating
        DeviceMap fffff8a000290b20
        Owning Process fffffa8002cf71c0 Image: taskhostex.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15736636 Ticks: 4492 (0:00:01:10.075)
        Context Switch Count 540 IdealProcessor: 0
        UserTime 00:00:00.015
        KernelTime 00:00:00.015
        Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20)
        Stack Init fffff88015f1edd0 Current fffff88015f1e7a0
        Base fffff88015f1f000 Limit fffff88015f19000 Call 0
        Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa80036d9040 Cid 02a0.0c14 Teb: 000007f7cc9dc000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable
            fffffa8003888240 QueueObject
        Not impersonating
        DeviceMap fffff8a000290b20
        Owning Process fffffa8002cf71c0 Image: taskhostex.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15736512 Ticks: 4616 (0:00:01:12.010)
        Context Switch Count 6 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
        Stack Init fffff88003027dd0 Current fffff88003027760
        Base fffff88003028000 Limit fffff88003022000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8002685440 Cid 02a0.0e70 Teb: 000007f7cc9d4000 Win32Thread: fffff901042861b0 WAIT: (WrQueue) UserMode Alertable
            fffffa8003888240 QueueObject
        Not impersonating
        DeviceMap fffff8a000290b20
        Owning Process fffffa8002cf71c0 Image: taskhostex.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15737277 Ticks: 3851 (0:00:01:00.075)
        Context Switch Count 22 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
        Stack Init fffff88014e14dd0 Current fffff88014e14760
        Base fffff88014e15000 Limit fffff88014e0f000 Call 0
        Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

        THREAD fffffa8002d6f700 Cid 02a0.0da8 Teb: 000007f7cc9ce000 Win32Thread: fffff901042b3b90 WAIT: (WrQueue) UserMode Alertable
            fffffa8003888240 QueueObject
        Not impersonating
        DeviceMap fffff8a000290b20
        Owning Process fffffa8002cf71c0 Image: taskhostex.exe
        Attached Process N/A Image: N/A
        Wait Start TickCount 15740914 Ticks: 214 (0:00:00:03.338)
        Context Switch Count 43 IdealProcessor: 0
        UserTime 00:00:00.000
        KernelTime 00:00:00.000
        Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0)
        Stack Init fffff88014e30dd0 Current fffff88014e30760
        Base fffff88014e31000 Limit fffff88014e2b000 Call 0
        Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

PROCESS fffffa8003ed3600
    SessionId: 2 Cid: 0d68 Peb: 7f68f17f000 ParentCid: 0824
    DirBase: 40d5c000 ObjectTable: fffff8a006897040 HandleCount:
    Image: explorer.exe
    VadRoot fffffa8002d30260 Vads 865 Clone 0 Private 7319. Modified 4136. Locked 5209.
    DeviceMap fffff8a000290b20
    Token fffff8a006b5a8c0
    ElapsedTime 00:15:40.752
    UserTime 00:00:00.514
    KernelTime 00:00:00.842
    QuotaPoolUsage[PagedPool] 1287264
    QuotaPoolUsage[NonPagedPool] 124288
    Working Set Sizes (now,min,max) (117592, 50, 345) (470368KB, 200KB, 1380KB)
    PeakWorkingSetSize 118144
    VirtualSize 545 Mb
    PeakVirtualSize 548 Mb
    PageFaultCount 244272
    MemoryPriority BACKGROUND
    BasePriority 8
    CommitCharge 8899

Setting context for this process...
.process /p /r fffffa8003ed3600
!peb
PEB at 000007f68f17f000
    InheritedAddressSpace: No
    ReadImageFileExecOptions: No
    BeingDebugged: No
    ImageBaseAddress: 000007f68f660000
    Ldr 000007fef7ff88a0
    Ldr.Initialized: Yes
    Ldr.InInitializationOrderModuleList: 0000000000c81a30 . 000000001151aeb0
    Ldr.InLoadOrderModuleList: 0000000000c81b90 . 000000001151ae90
    Ldr.InMemoryOrderModuleList: 0000000000c81ba0 . 000000001151aea0
        Base TimeStamp Module
        7f68f660000 50107dbc Jul 26 00:14:04 2012 C:\WINDOWS\Explorer.EXE
        7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll
        7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL
        7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll
        7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll
        7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll
        7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll
        7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll
        7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll
        7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll
        7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll
        7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\SHCORE.dll
        7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll
        7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll
        7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\SYSTEM32\UxTheme.dll
        7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\dwmapi.dll
        7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\USERENV.dll
        7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\SYSTEM32\SspiCli.dll
        7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll
        7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\SYSTEM32\PROPSYS.dll
        7fef6380000 50108728 Jul 26 00:54:16 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16384_none_72771d4ecc1c3a4d\gdiplus.dll
        7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll
        7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\SYSTEM32\profapi.dll
        7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL
        7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll
        7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll
        7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll
        7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll
        7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll
        7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\WINDOWS\SYSTEM32\DUI70.dll
        7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\Comctl32.dll
        7fef2a80000 5010846e Jul 26 00:42:38 2012 C:\WINDOWS\SYSTEM32\DUser.dll
        7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\SYSTEM32\wkscli.dll
        7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\SYSTEM32\netutils.dll
        7fef2420000 505a924c Sep 20 04:49:32 2012 C:\Windows\System32\Windows.UI.Immersive.dll
        7fef2a40000 5010809d Jul 26 00:26:21 2012 C:\WINDOWS\SYSTEM32\SndVolSSO.DLL
        7fef4070000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\SYSTEM32\HID.DLL
        7fef25f0000 505a994b Sep 20 05:19:23 2012 C:\WINDOWS\System32\MMDevApi.dll
        7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll
        7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll
        7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\Windows\System32\oleacc.dll
        7fee78a0000 50108d4c Jul 26 01:20:28 2012 C:\WINDOWS\system32\explorerframe.dll
        7feefc50000 5010a84b Jul 26 03:15:39 2012 C:\WINDOWS\SYSTEM32\LINKINFO.dll
        7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\SYSTEM32\apphelp.dll
        7fef26b0000 50108ae9 Jul 26 01:10:17 2012 C:\WINDOWS\System32\shdocvw.dll
        7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll
        7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll
        7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll
        7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\SYSTEM32\WINSTA.dll
        7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\Windows\System32\twinapi.dll
        7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\Windows\System32\XmlLite.dll
        7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll
        7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll
        7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\SYSTEM32\Bcp47Langs.dll
        7fee5e30000 505aa9a3 Sep 20 06:29:07 2012 C:\Windows\System32\twinui.dll
        7fef0030000 50108240 Jul 26 00:33:20 2012 C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
        7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\SYSTEM32\WTSAPI32.dll
        7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\SYSTEM32\WindowsCodecs.dll
        7feeb690000 505a958e Sep 20 05:03:26 2012 C:\WINDOWS\System32\wpncore.dll
        7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll
        7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll
        7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\WINDOWS\SYSTEM32\slc.dll
        7fef0c10000 5010a631 Jul 26 03:06:41 2012 C:\WINDOWS\SYSTEM32\sppc.dll
        7feea260000 50108a84 Jul 26 01:08:36 2012 C:\WINDOWS\system32\dwrite.dll
        7fef1b10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\System32\UIAnimation.dll
        7fef2380000 505a9aaa Sep 20 05:25:14 2012 C:\WINDOWS\SYSTEM32\dxgi.dll
        7fef1fb0000 505a98f1 Sep 20 05:17:53 2012 C:\WINDOWS\SYSTEM32\d3d11.dll
        7fee9f00000 4f6bfb79 Mar 23 04:26:33 2012 C:\WINDOWS\SYSTEM32\igd10umd64.dll
        7fef29d0000 501089dc Jul 26 01:05:48 2012 C:\WINDOWS\SYSTEM32\dcomp.dll
        7feea8a0000 50108740 Jul 26 00:54:40 2012 C:\WINDOWS\System32\IDStore.dll
        7feea620000 501081c6 Jul 26 00:31:18 2012 C:\WINDOWS\System32\wlidprov.dll
        7feed830000 501080ee Jul 26 00:27:42 2012 C:\Windows\System32\thumbcache.dll
        7fef2670000 50108012 Jul 26 00:24:02 2012 C:\Windows\System32\InputSwitch.dll
        7fef2e40000 5010a2a5 Jul 26 02:51:33 2012 C:\WINDOWS\SYSTEM32\elscore.dll
        7fef2fa0000 5010a9c6 Jul 26 03:21:58 2012 C:\WINDOWS\system32\ElsLad.dll
        7fef1130000 50108750 Jul 26 00:54:56 2012 C:\WINDOWS\SYSTEM32\UIAutomationCore.dll
        7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll
        7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll
        7feeeb70000 50107f98 Jul 26 00:22:00 2012 C:\Windows\System32\MrmCoreR.dll
        7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\SYSTEM32\Bcrypt.dll
        7fef3610000 501089a5 Jul 26 01:04:53 2012 C:\WINDOWS\SYSTEM32\windows.globalization.fontgroups.dll
        7fee8200000 505a91b3 Sep 20 04:46:59 2012 C:\WINDOWS\system32\authui.dll
        7feec1d0000 50107fc9 Jul 26 00:22:49 2012 C:\WINDOWS\system32\stobject.dll
        7fef1790000 505ab1e6 Sep 20 07:04:22 2012 C:\WINDOWS\system32\BatMeter.dll
        7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\SYSTEM32\SAMLIB.dll
        7feefc90000 50107eb2 Jul 26 00:18:10 2012 C:\WINDOWS\system32\SettingSyncInfo.dll
        7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\SYSTEM32\Secur32.dll
        7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll
        7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll
        7fef16f0000 505a956d Sep 20 05:02:53 2012 C:\Windows\System32\Windows.Networking.Connectivity.dll
        7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll
        7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL
        7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll
        7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\SYSTEM32\WINNSI.DLL
        7fef03b0000 5063dc6b Sep 27 05:56:11 2012 C:\WINDOWS\SYSTEM32\wlanapi.dll
        7feef950000 501089d7 Jul 26 01:05:43 2012 C:\WINDOWS\SYSTEM32\wcmapi.dll
        7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll
        7fef1450000 505a9285 Sep 20 04:50:29 2012 C:\WINDOWS\System32\wpnprv.dll
        7fef2660000 501089f9 Jul 26 01:06:17 2012 C:\WINDOWS\SYSTEM32\TimeBrokerClient.dll
        7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll
        7fef3570000 50108647 Jul 26 00:50:31 2012 C:\WINDOWS\system32\es.dll
        7fef13d0000 501097cc Jul 26 02:05:16 2012 C:\WINDOWS\system32\prnfldr.dll
        7feeb5f0000 501081fa Jul 26 00:32:10 2012 C:\WINDOWS\system32\WINSPOOL.DRV
        7fef3670000 501089ed Jul 26 01:06:05 2012 C:\WINDOWS\SYSTEM32\SystemEventsBrokerClient.dll
        7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\SYSTEM32\winhttp.dll
        7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\SYSTEM32\DNSAPI.dll
        7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\SYSTEM32\DPAPI.dll
        7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll
        7fef0f70000 50108147 Jul 26 00:29:11 2012 C:\WINDOWS\System32\shacct.dll
        7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll
        7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\SYSTEM32\samcli.dll
        7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll
        7feeb960000 50108eb7 Jul 26 01:26:31 2012 C:\WINDOWS\system32\dxp.dll
        7fef2f80000 5010a280 Jul 26 02:50:56 2012 C:\WINDOWS\system32\Syncreg.dll
        7feeb8e0000 505a97c3 Sep 20 05:12:51 2012 C:\WINDOWS\SYSTEM32\AUDIOSES.DLL
        7fef16d0000 501092e9 Jul 26 01:44:25 2012 C:\WINDOWS\system32\wpdshserviceobj.dll
        7fef1390000 5010814b Jul 26 00:29:15 2012 C:\Windows\System32\PortableDeviceTypes.dll
        7feeda70000 501081ce Jul 26 00:31:26 2012 C:\Windows\System32\PortableDeviceApi.dll
        7feeb810000 50109e19 Jul 26 02:32:09 2012 C:\Program Files\Windows Portable Devices\SqmApi.dll
        7fef0ee0000 50108ea5 Jul 26 01:26:13 2012 C:\WINDOWS\system32\SettingMonitor.dll
        7feefd20000 50109bd1 Jul 26 02:22:25 2012 C:\WINDOWS\System32\IME\SHARED\IMEROAMING.DLL
        7feefd00000 505a94b8 Sep 20 04:59:52 2012 C:\WINDOWS\system32\PackageStateRoaming.dll
        7feeb770000 50109564 Jul 26 01:55:00 2012 C:\WINDOWS\System32\cscui.dll
        7fef30c0000 5010a9be Jul 26 03:21:50 2012 C:\WINDOWS\System32\CSCDLL.dll
        7fef30d0000 5010a183 Jul 26 02:46:43 2012 C:\WINDOWS\System32\cscobj.dll
        7feed810000 501080a3 Jul 26 00:26:27 2012 C:\WINDOWS\System32\AltTab.dll
        7feec150000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\SYSTEM32\CSCAPI.dll
        7feeb260000 50107edf Jul 26 00:18:55 2012 C:\WINDOWS\System32\pnidui.dll
        7fef2f70000 50109f4f Jul 26
02:37:19 2012 C:\WINDOWS\System32\NcaApi.dll 7feeb710000 501096a5 Jul 26 02:00:21 2012 C:\WINDOWS\System32\srchadmin.dll 7feed2f0000 5010825a Jul 26 00:33:46 2012 C:\WINDOWS\system32\NetworkStatus.dll 7feefc60000 505a94c2 Sep 20 05:00:02 2012 C:\WINDOWS\system32\mssprxy.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL 7feebfa0000 50108006 Jul 26 00:23:50 2012 C:\Windows\System32\bthprops.cpl 7feeec50000 5010871d Jul 26 00:54:05 2012 C:\Windows\System32\BluetoothApis.dll 7fee73d0000 501095ae Jul 26 01:56:14 2012 C:\WINDOWS\System32\SyncCenter.dll 7fee4770000 505a980d Sep 20 05:14:05 2012 C:\Windows\System32\ieframe.dll 7fee9e20000 50109167 Jul 26 01:37:59 2012 C:\WINDOWS\System32\Actioncenter.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 C:\WINDOWS\System32\wevtapi.dll 7feeacd0000 501098cf Jul 26 02:09:35 2012 C:\Windows\System32\imapi2.dll 7fee9300000 50108083 Jul 26 00:25:55 2012 C:\WINDOWS\System32\hgcpl.dll 7feec0d0000 5010804c Jul 26 00:25:00 2012 C:\WINDOWS\System32\provsvc.dll 7fef21b0000 5010a6ed Jul 26 03:09:49 2012 C:\Windows\System32\qmgrprxy.dll 7fef2400000 5010882e Jul 26 00:58:38 2012 C:\Windows\System32\Windows.Networking.Sockets.PushEnabledApplication.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\SYSTEM32\ncrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\SYSTEM32\NTASN1.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7feec1a0000 50109479 Jul 26 01:51:05 2012 C:\WINDOWS\SYSTEM32\apprepapi.dll 7fef2b40000 50108183 Jul 26 00:30:11 2012 C:\WINDOWS\SYSTEM32\ntshrui.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\WINDOWS\SYSTEM32\srvcli.dll 7fee97e0000 50108ecf Jul 26 01:26:55 2012 C:\WINDOWS\system32\NetworkExplorer.dll 7feefcc0000 50108aeb Jul 26 01:10:19 2012 C:\WINDOWS\SYSTEM32\MPR.dll 7feef920000 501089fe Jul 26 
01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fee6e10000 50107f0a Jul 26 00:19:38 2012 C:\Program Files\Internet Explorer\ieproxy.dll 7feeb860000 5010982f Jul 26 02:06:55 2012 C:\WINDOWS\system32\PhotoMetadataHandler.dll 7fee5b70000 5010891b Jul 26 01:02:35 2012 C:\WINDOWS\SYSTEM32\MsftEdit.dll 7fee5a80000 501083e8 Jul 26 00:40:24 2012 C:\Windows\System32\Windows.Globalization.dll 7fee6830000 505a964f Sep 20 05:06:39 2012 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 7fee30c0000 5010908d Jul 26 01:34:21 2012 C:\WINDOWS\system32\UIRibbon.dll 7fee5790000 5010ac85 Jul 26 03:33:41 2012 C:\WINDOWS\SYSTEM32\UIRibbonRes.dll 7feed800000 5010a7dd Jul 26 03:13:49 2012 C:\WINDOWS\System32\drprov.dll 7feed610000 5010899a Jul 26 01:04:42 2012 C:\WINDOWS\System32\ntlanman.dll 7feed5f0000 50109f75 Jul 26 02:37:57 2012 C:\WINDOWS\System32\davclnt.dll 7feed5e0000 5010a9ce Jul 26 03:22:06 2012 C:\WINDOWS\System32\DAVHLPR.dll 7fee9390000 505aa5d5 Sep 20 06:12:53 2012 C:\WINDOWS\System32\StructuredQuery.dll 7fee5710000 5010967d Jul 26 01:59:41 2012 C:\Windows\System32\dlnashext.dll 7fef3050000 5010a2cd Jul 26 02:52:13 2012 C:\Windows\System32\DevDispItemProvider.dll 7fee72f0000 50109745 Jul 26 02:03:01 2012 C:\Windows\System32\EhStorShell.dll 7fef0be0000 5010a043 Jul 26 02:41:23 2012 C:\WINDOWS\System32\wscinterop.dll 7feedf40000 50107eeb Jul 26 00:19:07 2012 C:\WINDOWS\System32\WSCAPI.dll 7feefe20000 50108df3 Jul 26 01:23:15 2012 C:\WINDOWS\System32\wscui.cpl 7fee2d90000 50108bcd Jul 26 01:14:05 2012 C:\WINDOWS\System32\werconcpl.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\WINDOWS\System32\VERSION.dll 7feed650000 501081cc Jul 26 00:31:24 2012 C:\WINDOWS\System32\wer.dll 7feefdc0000 50108819 Jul 26 00:58:17 2012 C:\WINDOWS\System32\framedynos.dll 7feefda0000 501098db Jul 26 02:09:47 2012 C:\WINDOWS\System32\wercplsupport.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7fef3680000 50109b69 Jul 26 02:20:41 2012 
C:\WINDOWS\System32\hcproviders.dll 7fef1780000 50108826 Jul 26 00:58:30 2012 C:\WINDOWS\system32\keepaliveprovider.dll 7feedc20000 5010a948 Jul 26 03:19:52 2012 C:\WINDOWS\SYSTEM32\pcacli.dll 7feeef30000 5010a9de Jul 26 03:22:22 2012 C:\WINDOWS\System32\sfc_os.dll 7feee830000 5010809e Jul 26 00:26:22 2012 C:\WINDOWS\system32\timedate.cpl 7fef3800000 5010a3e0 Jul 26 02:56:48 2012 C:\WINDOWS\system32\ATL.DLL 7feead60000 505a99fd Sep 20 05:22:21 2012 C:\Windows\System32\WinTypes.dll SubSystemData: 0000000000000000 ProcessHeap: 0000000000c80000 ProcessParameters: 0000000000c81210 CurrentDirectory: 'C:\WINDOWS\System32\' WindowTitle: 'Microsoft.Windows.Explorer' ImageFile: 'C:\WINDOWS\Explorer.EXE' CommandLine: 'C:\WINDOWS\Explorer.EXE' DllPath: '< Name not readable >' Environment: 0000000000c80860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry 
USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8001e3a480 Cid 0d68.0cb4 Teb: 000007f68f17d000 Win32Thread: fffff9010064ab90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003efb930 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738182 Ticks: 2946 (0:00:00:45.957) Context Switch Count 7313 IdealProcessor: 0 UserTime 00:00:00.218 KernelTime 00:00:00.249 Win32 Start Address Explorer!wWinMainCRTStartup (0x000007f68f699430) Stack Init fffff8801724fdd0 Current fffff8801724f770 Base fffff88017250000 Limit fffff8801724a000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80037b4080 Cid 0d68.0638 Teb: 000007f68f179000 Win32Thread: fffff9010063e5b0 RUNNING on processor 1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 18325 IdealProcessor: 0 UserTime 00:00:00.280 KernelTime 00:00:00.405 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880159e3fd0 Current fffff880171fc7f0 Base fffff880159e4000 Limit fffff880159de000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002794b00 Cid 0d68.0428 Teb: 000007f68f177000 Win32Thread: fffff90103e90b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040783f0 SynchronizationEvent fffffa8003fb6690 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff880171d9dd0 Current 
fffff880171d9180 Base fffff880171da000 Limit fffff880171d4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80033fc480 Cid 0d68.0964 Teb: 000007f68f04a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f2bca0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15739761 Ticks: 1367 (0:00:00:21.325) Context Switch Count 47 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880172b5dd0 Current fffff880172b50f0 Base fffff880172b6000 Limit fffff880172b0000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80018d2500 Cid 0d68.096c Teb: 000007f68f04e000 Win32Thread: fffff90103ec63a0 WAIT: (UserRequest) UserMode Alertable fffffa800203eaf0 NotificationEvent fffffa8001ff8b30 NotificationEvent fffffa80020a75a0 NotificationEvent fffffa8001fec130 NotificationEvent fffffa800399b060 NotificationEvent fffffa8001c36280 NotificationEvent fffffa8003a05650 NotificationEvent fffffa800413d460 NotificationEvent fffffa8001e8bfb8 NotificationEvent fffffa800269c680 NotificationEvent fffffa8002634130 NotificationEvent fffffa800203e1e0 NotificationEvent fffffa800203e160 NotificationEvent fffffa8003fedc70 NotificationEvent fffffa80018f4160 NotificationEvent fffffa8002c4c700 NotificationEvent fffffa8001f0c420 NotificationEvent fffffa8003fa6f90 NotificationEvent fffffa8001d1bfe0 NotificationEvent fffffa80039615b0 NotificationEvent fffffa80030b3140 NotificationEvent fffffa8001ddb490 NotificationEvent fffffa8003612970 NotificationEvent fffffa8003808740 NotificationEvent fffffa800276aad0 NotificationEvent fffffa8003dc7a10 NotificationEvent fffffa800267f550 NotificationEvent 
fffffa8002637fe0 NotificationEvent fffffa80036a1940 NotificationEvent fffffa8001fa0930 NotificationEvent fffffa8004030d70 NotificationEvent fffffa8003f8bfe0 NotificationEvent fffffa8001f25b10 NotificationEvent fffffa8003f94060 NotificationEvent fffffa8002632690 NotificationEvent fffffa8002df12f0 SynchronizationEvent IRP List: fffffa80021b7c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001e22150: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80036c3af0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80036c8550: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800338b830: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001e3ac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001d85c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003707c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80037f5310: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80027ff7c0: (0006,01f0) Flags: 00060000 Mdl: fffffa800205ad00 fffffa80033981f0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003856810: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8004159c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800392fc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003f7cc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003f80480: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001ebac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15731604 Ticks: 9524 (0:00:02:28.575) Context Switch Count 592 IdealProcessor: 0 UserTime 00:00:00.156 KernelTime 00:00:00.062 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880172cfdd0 Current fffff880172cf180 Base fffff880172d0000 Limit fffff880172ca000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003f0ca00 Cid 0d68.03b4 Teb: 000007f68f048000 Win32Thread: fffff90103ede780 READY on processor 1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 83236 IdealProcessor: 0 UserTime 00:00:05.101 KernelTime 00:00:04.976 Win32 Start Address windows_immersiveshell_serviceprovider!CImmersiveShellController::s_ImmersiveShellComponentsThreadProc (0x000007fef0033564) Stack Init fffff8801729ddd0 Current fffff8801729d7d0 Base fffff8801729e000 Limit fffff88017298000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001cf9080 Cid 0d68.0ea0 Teb: 000007f68f046000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c96ae0 SynchronizationTimer fffffa8001c9ff60 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740436 Ticks: 692 (0:00:00:10.795) Context Switch Count 72 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address twinui!MemWatcherMonitorThreadProc (0x000007fee5e31060) Stack Init fffff880172e4dd0 Current fffff880172e4180 Base fffff880172e5000 Limit fffff880172df000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003841740 Cid 0d68.03a0 Teb: 000007f68f040000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffff802b3d181e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address twinui!CImmersiveWatermark::s_NotificationWindowDisplay (0x000007fee5f06ed4) Stack 
Init fffff880172dddd0 Current fffff880172dc030 Base fffff880172de000 Limit fffff880172d8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003fdb940 Cid 0d68.0af8 Teb: 000007f68f03a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003bd0060 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88017340dd0 Current fffff88017340900 Base fffff88017341000 Limit fffff8801733b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c4d800 Cid 0d68.0204 Teb: 000007f68f038000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003dc8060 NotificationEvent fffffa8001cdd210 SynchronizationEvent fffffa80040db060 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 *** ERROR: Symbol file could not be found. Defaulted to export symbols for sppc.dll - Win32 Start Address sppc (0x000007fef0c16208) Stack Init fffff8801735cdd0 Current fffff8801735c180 Base fffff8801735d000 Limit fffff88017357000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001c30b00 Cid 0d68.0218 Teb: 000007f68f036000 Win32Thread: fffff90103efeb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80031e8060 SynchronizationEvent fffffa8002c9d760 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15726086 Ticks: 15042 (0:00:03:54.656) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address DUI70!DirectUI::StyleSheetCache::CCacheThread::s_ThreadProc (0x000007fef220cb24) Stack Init fffff88017430dd0 Current fffff88017430180 Base fffff88017431000 Limit fffff8801742b000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80040cc4c0 Cid 0d68.0200 Teb: 000007f68f030000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa800385be90 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff8801758edd0 Current fffff8801758e180 Base fffff8801758f000 Limit fffff88017589000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003098380 Cid 0d68.0ecc Teb: 000007f68f028000 Win32Thread: fffff90103efa680 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003618060 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 21 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88017484dd0 Current fffff880174845f0 Base fffff88017485000 Limit fffff8801747f000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002196600 Cid 0d68.01bc Teb: 000007f68f024000 Win32Thread: fffff90103f00b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001d6bdc0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 24 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801753cdd0 Current fffff8801753c5f0 Base fffff8801753d000 Limit fffff88017537000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002d88b00 Cid 0d68.0390 Teb: 000007f68f022000 Win32Thread: fffff90103f00710 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80038b9220 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738781 Ticks: 2347 (0:00:00:36.613) Context Switch Count 303 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff8801748bdd0 Current fffff8801748b5f0 Base fffff8801748c000 Limit fffff88017486000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80040667c0 Cid 0d68.0d3c Teb: 000007f68f026000 Win32Thread: fffff90103f08b90 READY on processor 0 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 3843 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.062 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801747ddd0 Current fffff8801747d700 Base fffff8801747e000 Limit fffff88017478000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80040b9080 Cid 0d68.01cc Teb: 000007f68f01e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80024ca960 SynchronizationEvent fffffa80033ff260 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15739009 Ticks: 2119 (0:00:00:33.056) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880174aedd0 Current 
fffff880174ae180 Base fffff880174af000 Limit fffff880174a9000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e0ab00 Cid 0d68.08f0 Teb: 000007f68f014000 Win32Thread: fffff90103f38b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa800372b290 SynchronizationEvent fffffa8003ba06d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740203 Ticks: 925 (0:00:00:14.430) Context Switch Count 326 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801597afd0 Current fffff8801597a380 Base fffff8801597b000 Limit fffff88015975000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8004148b00 Cid 0d68.0d84 Teb: 000007f68f012000 Win32Thread: fffff90103f4ab90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80037ad890 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15715274 Ticks: 25854 (0:00:06:43.324) Context Switch Count 63 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880174d6dd0 Current fffff880174d65f0 Base fffff880174d7000 Limit fffff880174d1000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001d5c040 Cid 0d68.0e14 Teb: 000007f68f00e000 Win32Thread: fffff90100754010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002c46d50 NotificationEvent fffffa8001d09470 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 42 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801657add0 Current fffff8801657a180 Base fffff8801657b000 Limit fffff88016575000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001f46b00 Cid 0d68.0890 Teb: 000007f68eff0000 Win32Thread: fffff90104041010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002036fe0 NotificationEvent fffffa80033981c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15736244 Ticks: 4884 (0:00:01:16.190) Context Switch Count 331 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174e4dd0 Current fffff880174e4180 Base fffff880174e5000 Limit fffff880174df000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002ce1b00 Cid 0d68.0394 Teb: 000007f68efe8000 Win32Thread: fffff90103f74750 WAIT: (WrQueue) UserMode Non-Alertable fffffa8003989500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15736244 Ticks: 4884 (0:00:01:16.190) Context Switch Count 80 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mswsock!SockAsyncThread 
(0x000007fef4645990) Stack Init fffff88017595dd0 Current fffff880175957a0 Base fffff88017596000 Limit fffff88017590000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002ce7080 Cid 0d68.0ff4 Teb: 000007f68efe6000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa80041a5fe0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff880175a3dd0 Current fffff880175a3180 Base fffff880175a4000 Limit fffff8801759e000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002cda240 Cid 0d68.0f4c Teb: 000007f68efe4000 Win32Thread: fffff901000ebb90 WAIT: (UserRequest) UserMode Alertable fffffa8001821a30 NotificationEvent fffffa8001c4c060 SynchronizationTimer fffffa8003f8bd90 NotificationEvent fffffa800381b300 NotificationEvent fffffa800209b4e0 SynchronizationEvent fffffa8002da6590 SynchronizationEvent fffffa800213cd30 SynchronizationEvent IRP List: fffffa8001ebc010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001f86c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80038b4c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001cf3430: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001d8ec10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800417fc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001f98af0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002d2f010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80041304d0: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8001f6fc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003e36010: 
(0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002067c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa80038fd010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002c64010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800379d010: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003de0c10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8002e56430: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 1960 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.046 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880175aadd0 Current fffff880175aa180 Base fffff880175ab000 Limit fffff880175a5000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002cd4240 Cid 0d68.0d5c Teb: 000007f68efe2000 Win32Thread: fffff901000ddb90 WAIT: (UserRequest) UserMode Alertable fffffa8003d84060 SynchronizationEvent fffffa8003efb780 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15734768 Ticks: 6360 (0:00:01:39.216) Context Switch Count 420 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff880175f9dd0 Current fffff880175f9180 Base fffff880175fa000 Limit fffff880175f4000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002cb7080 Cid 0d68.030c Teb: 000007f68efe0000 Win32Thread: fffff9010061e6f0 WAIT: (UserRequest) UserMode Alertable fffffa800403fcb0 SynchronizationEvent fffffa8003ff4be0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 62 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801719cdd0 Current fffff8801719c180 Base fffff8801719d000 Limit fffff88017197000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003066b00 Cid 0d68.0e90 Teb: 000007f68efde000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8002036060 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738482 Ticks: 2646 (0:00:00:41.277) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlanapi!NotificationApcThreadProc (0x000007fef03bba00) Stack Init fffff880175bedd0 Current fffff880175be900 Base fffff880175bf000 Limit fffff880175b9000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80020fb880 Cid 0d68.0a40 Teb: 000007f68efda000 Win32Thread: fffff901040b3750 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa8001fd55d0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 
wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff880175dbdd0 Current fffff880175db180 Base fffff880175dc000 Limit fffff880175d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e41080 Cid 0d68.09f8 Teb: 000007f68efd8000 Win32Thread: fffff901000e96f0 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001ed83d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88000fdbdd0 Current fffff88000fdb5f0 Base fffff88000fdc000 Limit fffff88000fd6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002744640 Cid 0d68.03c4 Teb: 000007f68efd6000 Win32Thread: fffff90103fc0750 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001d16ce0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 33 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8800099bdd0 Current fffff8800099b5f0 Base fffff8800099c000 Limit fffff88000996000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003600380 Cid 0d68.0280 Teb: 000007f68efd4000 Win32Thread: fffff90103f66b90 WAIT: (UserRequest) UserMode Alertable fffffa80024c64c0 SynchronizationEvent IRP List: fffffa8002eadc10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa8003000010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15728588 Ticks: 12540 (0:00:03:15.625) Context Switch Count 193 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.031 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88014e8bdd0 Current fffff88014e8b0f0 Base fffff88014e8c000 Limit fffff88014e86000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800212ea80 Cid 0d68.0c90 Teb: 000007f68efd2000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800402f9e0 NotificationEvent fffffa8003bb5250 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wlidprov!NotificationThread (0x000007feea6433c0) Stack Init fffff88000fd4dd0 Current fffff88000fd4180 Base fffff88000fd5000 Limit fffff88000fcf000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001c9bb00 Cid 0d68.0c04 Teb: 000007f68f173000 Win32Thread: fffff90103f78710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800403fd30 SynchronizationEvent fffffa80020b0f60 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712531 Ticks: 28597 (0:00:07:26.116) Context Switch Count 1912 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801550bfd0 Current fffff8801550b380 Base fffff8801550c000 Limit fffff88015506000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800366cb00 Cid 0d68.0de4 Teb: 000007f68efd0000 Win32Thread: fffff90103fb4b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8001d33ce0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15737617 Ticks: 3511 (0:00:00:54.771) Context Switch Count 121 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8800306add0 Current fffff8800306a5f0 Base fffff8800306b000 Limit fffff88003065000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001d90080 Cid 0d68.0c44 Teb: 000007f68f175000 Win32Thread: fffff90104013950 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003ec2f50 SynchronizationEvent fffffa80041640f0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 6890 IdealProcessor: 0 UserTime 00:00:00.390 KernelTime 
00:00:00.702 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88003086fd0 Current fffff88003086380 Base fffff88003087000 Limit fffff88003081000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001d75b00 Cid 0d68.0d44 Teb: 000007f68f01c000 Win32Thread: fffff901006e9b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8004142a10 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 37 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address SHCORE!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88015eeddd0 Current fffff88015eed5f0 Base fffff88015eee000 Limit fffff88015ee8000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800213c800 Cid 0d68.0f08 Teb: 000007f68f006000 Win32Thread: fffff90103f6ab90 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject IRP List: fffffa80041e8010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15735451 Ticks: 5677 (0:00:01:28.561) Context Switch Count 397 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014f8edd0 Current fffff88014f8e760 Base fffff88014f8f000 Limit fffff88014f89000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002e56b00 Cid 0d68.0140 Teb: 000007f68f000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001f4e080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880164b6dd0 Current fffff880164b6760 Base fffff880164b7000 Limit fffff880164b1000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002cdf300 Cid 0d68.0854 Teb: 000007f68f03c000 Win32Thread: fffff90103f544e0 READY on processor 1 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 443 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88000fe2dd0 Current fffff88000fe2760 Base fffff88000fe3000 Limit fffff88000fdd000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003fdc840 Cid 0d68.0fd8 Teb: 000007f68f04c000 Win32Thread: fffff9010419eb90 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15739713 Ticks: 1415 (0:00:00:22.074) Context Switch Count 387 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170a1dd0 Current fffff880170a1760 Base fffff880170a2000 Limit fffff8801709c000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 
IoPriority 2 PagePriority 5 THREAD fffffa80020aeb00 Cid 0d68.0804 Teb: 000007f68f032000 Win32Thread: fffff90104195530 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738504 Ticks: 2624 (0:00:00:40.934) Context Switch Count 206 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017102dd0 Current fffff88017102760 Base fffff88017103000 Limit fffff880170fd000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003095240 Cid 0d68.0438 Teb: 000007f68f034000 Win32Thread: fffff901040a05b0 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738591 Ticks: 2537 (0:00:00:39.577) Context Switch Count 171 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173ccdd0 Current fffff880173cc760 Base fffff880173cd000 Limit fffff880173c7000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002692700 Cid 0d68.0dc0 Teb: 000007f68f02e000 Win32Thread: fffff901042fb010 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740848 Ticks: 280 (0:00:00:04.368) Context Switch Count 338 IdealProcessor: 0 UserTime 00:00:00.078 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173dbdd0 Current fffff880173db760 Base fffff880173dc000 Limit fffff880173d6000 Call 0 
Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80033cd080 Cid 0d68.09e4 Teb: 000007f68f020000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15735437 Ticks: 5691 (0:00:01:28.780) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017437dd0 Current fffff88017437760 Base fffff88017438000 Limit fffff88017432000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa800219b080 Cid 0d68.0a6c Teb: 000007f68f01a000 Win32Thread: fffff90100625b90 WAIT: (WrQueue) UserMode Alertable fffffa8002ef3280 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15738573 Ticks: 2555 (0:00:00:39.858) Context Switch Count 140 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801743edd0 Current fffff8801743e760 Base fffff8801743f000 Limit fffff88017439000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002161080 Cid 0d68.09fc Teb: 000007f68f17b000 Win32Thread: fffff9010412ab90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002634c10 SynchronizationEvent fffffa8002cf2e90 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15737843 Ticks: 3285 (0:00:00:51.246) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address 
UxTheme!CManagerImpl::s_ThreadProc (0x000007fef3c98fc0) Stack Init fffff8801751cdd0 Current fffff8801751c180 Base fffff8801751d000 Limit fffff88017517000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001ebe040 Cid 0d68.0edc Teb: 000007f68f044000 Win32Thread: 0000000000000000 WAIT: (UserRequest) KernelMode Alertable fffffa8004001540 SynchronizationEvent fffff88014e4cbe0 NotificationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003ed3600 Image: explorer.exe Attached Process N/A Image: N/A Wait Start TickCount 15740978 Ticks: 150 (0:00:00:02.340) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!RtlpWnfNotificationThread (0x000007fef7f005bc) Stack Init fffff88014e4cdd0 Current fffff88014e4c8a0 Base fffff88014e4d000 Limit fffff88014e47000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8001fe8940 SessionId: 2 Cid: 0bdc Peb: 7f6bc9cc000 ParentCid: 0288 DirBase: 09f57000 ObjectTable: fffff8a002742440 HandleCount: Image: LiveComm.exe VadRoot fffffa8002d8ecd0 Vads 308 Clone 0 Private 1551. Modified 1331. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a0068da8c0 ElapsedTime 00:15:36.587 UserTime 00:00:00.000 KernelTime 00:00:00.015 QuotaPoolUsage[PagedPool] 330592 QuotaPoolUsage[NonPagedPool] 45008 Working Set Sizes (now,min,max) (5237, 50, 345) (20948KB, 200KB, 1380KB) PeakWorkingSetSize 6082 VirtualSize 752 Mb PeakVirtualSize 757 Mb PageFaultCount 11177 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 3185 Job fffffa8001dfa060 Setting context for this process... .process /p /r fffffa8001fe8940 !peb PEB at 000007f6bc9cc000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6bd870000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000001e5b5a1f50 . 
0000001e21942790 Ldr.InLoadOrderModuleList: 0000001e5b5a20b0 . 0000001e21942770 Ldr.InMemoryOrderModuleList: 0000001e5b5a20c0 . 0000001e21942780 Base TimeStamp Module 7f6bd870000 500ca1a7 Jul 23 01:58:15 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7feeb2f0000 4ffe2eb5 Jul 12 02:56:05 2012 C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.50712.1_x64__8wekyb3d8bbwe\MSVCR110.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef2e20000 500ca148 Jul 23 01:56:40 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\wllog.dll 7fee99c0000 500ca196 Jul 23 01:57:58 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Service.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef0e80000 
50108231 Jul 26 00:33:05 2012 C:\Windows\System32\Windows.Storage.ApplicationData.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\SYSTEM32\twinapi.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7feead60000 505a99fd Sep 20 05:22:21 2012 C:\Windows\System32\WinTypes.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\SYSTEM32\PROPSYS.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef0c60000 500ca1c4 Jul 23 01:58:44 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\shared\bici.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef0c40000 5010884e Jul 26 00:59:10 2012 C:\Windows\System32\threadpoolwinrt.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7feecb30000 501087eb Jul 26 00:57:31 2012 C:\Windows\System32\biwinrt.dll 7fee7140000 500ca186 Jul 23 01:57:42 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.dll 7feeafc0000 501087a4 Jul 26 00:56:20 2012 C:\WINDOWS\System32\wpnapps.dll 7feec370000 5010a4f2 Jul 26 03:01:22 2012 C:\Windows\System32\Windows.ApplicationModel.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 C:\WINDOWS\SYSTEM32\ESENT.dll 7fef3600000 500ca1bc Jul 23 01:58:36 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Shared.Market.dll 7feeeb70000 50107f98 Jul 26 00:22:00 2012 C:\Windows\System32\MrmCoreR.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\SYSTEM32\Bcp47Langs.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\SYSTEM32\profapi.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 
C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\Windows\System32\msxml6.dll 7fef16f0000 505a956d Sep 20 05:02:53 2012 C:\Windows\System32\Windows.Networking.Connectivity.dll 7fee7330000 500ca15d Jul 23 01:57:01 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.PresenceIM.dll 7fee7000000 500ca17e Jul 23 01:57:34 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Eas.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\XmlLite.dll 7fee6ec0000 500ca16c Jul 23 01:57:16 2012 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Calendar.dll 7fee5a10000 505a9222 Sep 20 04:48:50 2012 C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll 7fef3670000 501089ed Jul 26 01:06:05 2012 C:\WINDOWS\SYSTEM32\SystemEventsBrokerClient.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\SYSTEM32\FirewallAPI.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\SYSTEM32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\SYSTEM32\SSPICLI.DLL 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\userenv.dll 7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll 7fee5a80000 501083e8 Jul 26 00:40:24 2012 C:\Windows\System32\Windows.Globalization.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\SYSTEM32\DNSAPI.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\SYSTEM32\WINNSI.DLL 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL 
7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7feec390000 50107f23 Jul 26 00:20:03 2012 C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\SYSTEM32\winhttp.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\SYSTEM32\ncrypt.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\SYSTEM32\bcrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\SYSTEM32\NTASN1.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7feeab50000 50108a14 Jul 26 01:06:44 2012 C:\Windows\System32\cryptnet.dll 7fef7d00000 50108a30 Jul 26 01:07:12 2012 C:\WINDOWS\system32\WLDAP32.dll 7fef0290000 501089fb Jul 26 01:06:19 2012 C:\Windows\System32\CryptoWinRT.dll 7feeb100000 50109dd1 Jul 26 02:30:57 2012 C:\Windows\System32\easwrt.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\SYSTEM32\SAMLIB.dll 7feeda50000 50108952 Jul 26 01:03:30 2012 C:\WINDOWS\SYSTEM32\winbio.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\SYSTEM32\samcli.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\SYSTEM32\netutils.dll 7fef4110000 501089d5 Jul 26 01:05:41 2012 C:\WINDOWS\SYSTEM32\AUTHZ.dll 7fee9dc0000 501084bb Jul 26 00:43:55 2012 C:\Windows\System32\Windows.UI.dll 7fee9130000 50108501 Jul 26 00:45:05 
2012 C:\WINDOWS\SYSTEM32\NInput.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\system32\windowscodecs.dll SubSystemData: 000007fee8ad43f0 ProcessHeap: 0000001e5b5a0000 ProcessParameters: 0000001e5b5a1360 CurrentDirectory: 'C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\' WindowTitle: '"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe"' ImageFile: 'C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe' CommandLine: '"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server' DllPath: 'C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe;C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.50712.1_x64__8wekyb3d8bbwe;C:\Program Files\WindowsApps\Microsoft.WinJS.1.0_1.0.8514.0_neutral__8wekyb3d8bbwe' Environment: 0000001e5b5a0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) 
ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp TMP=C:\Users\Dmitry\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8002492800 Cid 0bdc.0be8 Teb: 000007f6bc9ce000 Win32Thread: fffff90103f742d0 WAIT: (WrAlertByThreadId) UserMode Non-Alertable 000007fee8ad5c10 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735435 Ticks: 5693 (0:00:01:28.811) Context Switch Count 133 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 *** ERROR: Module load completed but symbols could not be loaded for LiveComm.exe Win32 Start Address LiveComm (0x000007f6bd873b24) Stack Init fffff88017499dd0 Current fffff88017499970 Base fffff8801749a000 Limit fffff88017494000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. 
THREAD fffffa8001efeb00 Cid 0bdc.07b8 Teb: 000007f6bc9ca000 Win32Thread: fffff90103f66710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003db2740 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736425 Ticks: 4703 (0:00:01:13.367) Context Switch Count 260 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015833dd0 Current fffff88015833900 Base fffff88015834000 Limit fffff8801582e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8001c8cb00 Cid 0bdc.0450 Teb: 000007f6bc9c8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e796d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735435 Ticks: 5693 (0:00:01:28.811) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpLogger (0x000007fef7f46168) Stack Init fffff8801583add0 Current fffff8801583a900 Base fffff8801583b000 Limit fffff88015835000 Call 0 Priority 10 BasePriority 10 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. 
THREAD fffffa8001c7f080 Cid 0bdc.0e84 Teb: 000007f6bc9c4000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e888f0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740524 Ticks: 604 (0:00:00:09.422) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88015841dd0 Current fffff880158410f0 Base fffff88015842000 Limit fffff8801583c000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8002d2a200 Cid 0bdc.0e3c Teb: 000007f6bc89e000 Win32Thread: fffff90100600b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c176c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736493 Ticks: 4635 (0:00:01:12.306) Context Switch Count 1391 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e06dd0 Current fffff88014e06900 Base fffff88014e07000 Limit fffff88014e01000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa800260d080 Cid 0bdc.05d4 Teb: 000007f6bc89c000 Win32Thread: fffff90103f54b90 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740403 Ticks: 725 (0:00:00:11.310) Context Switch Count 470 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack 
Init fffff8801584fdd0 Current fffff8801584f760 Base fffff88015850000 Limit fffff8801584a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80031f2b00 Cid 0bdc.003c Teb: 000007f6bc89a000 Win32Thread: fffff901000ef570 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject IRP List: fffffa8003ed5010: (0006,03e8) Flags: 00020000 Mdl: 00000000 fffffa8003f18c10: (0006,03e8) Flags: 00020000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736400 Ticks: 4728 (0:00:01:13.757) Context Switch Count 546 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015848dd0 Current fffff88015848760 Base fffff88015849000 Limit fffff88015843000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80040e8b00 Cid 0bdc.01c0 Teb: 000007f6bc896000 Win32Thread: fffff90103f72b90 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736400 Ticks: 4728 (0:00:01:13.757) Context Switch Count 139 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017579dd0 Current fffff88017579760 Base fffff8801757a000 Limit fffff88017574000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80020c5b00 Cid 0bdc.0168 Teb: 000007f6bc894000 Win32Thread: fffff90103f6cb90 WAIT: (WrQueue) UserMode Alertable fffffa80033a9080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning 
Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 784 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801585ddd0 Current fffff8801585d760 Base fffff8801585e000 Limit fffff88015858000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8002054400 Cid 0bdc.0870 Teb: 000007f6bc890000 Win32Thread: fffff90103fe5b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f4e4d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736195 Ticks: 4933 (0:00:01:16.955) Context Switch Count 234 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015872dd0 Current fffff88015872900 Base fffff88015873000 Limit fffff8801586d000 Call 0 Priority 12 BasePriority 8 UnusualBoost 3 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80039d1b00 Cid 0bdc.0cc8 Teb: 000007f6bc88c000 Win32Thread: fffff90100624b90 WAIT: (WrQueue) UserMode Alertable fffffa8003bdc500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736965 Ticks: 4163 (0:00:01:04.943) Context Switch Count 592 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015879dd0 Current fffff88015879760 Base fffff8801587a000 Limit fffff88015874000 Call 0 Priority 7 BasePriority 6 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8001ec1080 
Cid 0bdc.0a10 Teb: 000007f6bc88a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003768f60 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735435 Ticks: 5693 (0:00:01:28.811) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880154a2dd0 Current fffff880154a2900 Base fffff880154a3000 Limit fffff8801549d000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. THREAD fffffa8001c49080 Cid 0bdc.0e18 Teb: 000007f6bc888000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa80027fb080 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736491 Ticks: 4637 (0:00:01:12.337) Context Switch Count 44 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880154b7dd0 Current fffff880154b77a0 Base fffff880154b8000 Limit fffff880154b2000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8001d4f4c0 Cid 0bdc.0e34 Teb: 000007f6bc884000 Win32Thread: fffff90103fba290 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001eef290 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736136 Ticks: 4992 (0:00:01:17.875) Context Switch Count 555 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack 
Init fffff88015902dd0 Current fffff88015902900 Base fffff88015903000 Limit fffff880158fd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8001e41080 Cid 0bdc.0b68 Teb: 000007f6bc882000 Win32Thread: fffff90100703010 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736915 Ticks: 4213 (0:00:01:05.723) Context Switch Count 196 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015909dd0 Current fffff88015909760 Base fffff8801590a000 Limit fffff88015904000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80040a8600 Cid 0bdc.0988 Teb: 000007f6bc880000 Win32Thread: fffff90100701010 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736367 Ticks: 4761 (0:00:01:14.272) Context Switch Count 69 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155a4dd0 Current fffff880155a4760 Base fffff880155a5000 Limit fffff8801559f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8001e5a780 Cid 0bdc.08b8 Teb: 000007f6bc87e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80021944e0 NotificationEvent IRP List: fffffa80020a1330: (0006,01f0) Flags: 00020070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe 
Attached Process N/A Image: N/A Wait Start TickCount 15736915 Ticks: 4213 (0:00:01:05.723) Context Switch Count 109 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff88014faadd0 Current fffff88014faa900 Base fffff88014fab000 Limit fffff88014fa5000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8003648480 Cid 0bdc.0cbc Teb: 000007f6bc87c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8002ef0700 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740662 Ticks: 466 (0:00:00:07.269) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880171b6dd0 Current fffff880171b6760 Base fffff880171b7000 Limit fffff880171b1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8003041300 Cid 0bdc.0914 Teb: 000007f6bc878000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable fffffa800367b740 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736876 Ticks: 4252 (0:00:01:06.331) Context Switch Count 13 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mswsock!SockAsyncThread (0x000007fef4645990) Stack Init fffff88017022dd0 Current fffff880170227a0 Base fffff88017023000 Limit fffff8801701d000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80033b1940 Cid 0bdc.0cfc Teb: 000007f6bc87a000 
Win32Thread: 0000000000000000 WAIT: (Executive) UserMode Non-Alertable fffffa8003bbe118 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15735637 Ticks: 5491 (0:00:01:25.660) Context Switch Count 23 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff88015964dd0 Current fffff880159647e0 Base fffff88015965000 Limit fffff8801595f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 Kernel stack not resident. THREAD fffffa800418bb00 Cid 0bdc.0da4 Teb: 000007f6bc886000 Win32Thread: fffff90103f06640 WAIT: (UserRequest) UserMode Alertable fffffa8003065290 SynchronizationEvent IRP List: fffffa8002195c10: (0006,03e8) Flags: 00020870 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15740256 Ticks: 872 (0:00:00:13.603) Context Switch Count 51 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address SHELL32!Windows::Internal::ComTaskPool::CThread::s_ThreadProc (0x000007fef66df4a0) Stack Init fffff8801731fdd0 Current fffff8801731f0f0 Base fffff88017320000 Limit fffff8801731a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa8003894b00 Cid 0bdc.0e40 Teb: 000007f6bc872000 Win32Thread: fffff90104252b90 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736965 Ticks: 4163 (0:00:01:04.943) Context Switch Count 67 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.000 Win32 Start 
Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801759cdd0 Current fffff8801759c760 Base fffff8801759d000 Limit fffff88017597000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa80020ca080 Cid 0bdc.0b98 Teb: 000007f6bc86e000 Win32Thread: fffff9010434ab90 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736965 Ticks: 4163 (0:00:01:04.943) Context Switch Count 42 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003063dd0 Current fffff88003063760 Base fffff88003064000 Limit fffff8800305e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 THREAD fffffa800306a440 Cid 0bdc.0b30 Teb: 000007f6bc866000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800418c880 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001fe8940 Image: LiveComm.exe Attached Process N/A Image: N/A Wait Start TickCount 15736997 Ticks: 4131 (0:00:01:04.444) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003dfbdd0 Current fffff88003dfb760 Base fffff88003dfc000 Limit fffff88003df6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa8003057580 PROCESS fffffa8002d5d940 SessionId: 2 Cid: 0dd0 Peb: 7f6525bf000 ParentCid: 0d68 DirBase: 66377000 ObjectTable: fffff8a0068d5600 HandleCount: Image: browserchoice.exe VadRoot fffffa8003b45140 Vads 74 Clone 0 Private 301. Modified 1. Locked 0. 
DeviceMap fffff8a000290b20 Token fffff8a002f828c0 ElapsedTime 00:15:21.299 UserTime 00:00:00.015 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 199688 QuotaPoolUsage[NonPagedPool] 9408 Working Set Sizes (now,min,max) (2142, 50, 345) (8568KB, 200KB, 1380KB) PeakWorkingSetSize 2189 VirtualSize 96 Mb PeakVirtualSize 99 Mb PageFaultCount 2368 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 495 Setting context for this process... .process /p /r fffffa8002d5d940 !peb PEB at 000007f6525bf000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f652920000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000002fd1e41a90 . 0000002fd1e900a0 Ldr.InLoadOrderModuleList: 0000002fd1e41bf0 . 0000002fd1e90080 Ldr.InMemoryOrderModuleList: 0000002fd1e41c00 . 0000002fd1e90090 Base TimeStamp Module 7f652920000 502afc3f Aug 15 02:32:47 2012 C:\Windows\BrowserChoice\browserchoice.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 
7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\SYSTEM32\twinapi.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feead60000 505a99fd Sep 20 05:22:21 2012 C:\Windows\System32\WinTypes.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fee5e30000 505aa9a3 Sep 20 06:29:07 2012 C:\Windows\System32\twinui.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\Windows\System32\XmlLite.dll 7fef2420000 505a924c Sep 20 04:49:32 2012 C:\Windows\System32\Windows.UI.Immersive.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\Windows\System32\DUI70.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\Windows\System32\dwmapi.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\Windows\System32\OLEACC.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\propsys.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\SYSTEM32\Bcp47Langs.dll SubSystemData: 0000000000000000 ProcessHeap: 0000002fd1e40000 ProcessParameters: 0000002fd1e41210 CurrentDirectory: 'C:\WINDOWS\System32\' WindowTitle: 'C:\Windows\BrowserChoice\browserchoice.exe' ImageFile: 'C:\Windows\BrowserChoice\browserchoice.exe' CommandLine: '"C:\Windows\BrowserChoice\browserchoice.exe" /run' DllPath: '< Name not readable >' Environment: 0000002fd1e40860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files 
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa800414e080 Cid 0dd0.0ffc Teb: 000007f6525bd000 Win32Thread: fffff90103e94530 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003b43b00 NotificationEvent fffffa800200e080 ProcessObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002d5d940 Image: browserchoice.exe Attached Process N/A Image: N/A Wait Start TickCount 15682371 Ticks: 58757 (0:00:15:16.615) Context Switch Count 173 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.031 Win32 Start Address browserchoice!WinMainCRTStartup (0x000007f652923adc) Stack Init fffff880172d6dd0 Current fffff880172d6180 Base fffff880172d7000 Limit fffff880172d1000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001f76080 Cid 0dd0.07b4 Teb: 000007f6525b5000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d6e380 SynchronizationEvent fffffa8003e455b0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002d5d940 Image: browserchoice.exe Attached Process N/A Image: N/A Wait Start TickCount 15740007 Ticks: 1121 (0:00:00:17.487) Context Switch Count 5 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88015910dd0 Current fffff88015910180 Base fffff88015911000 Limit fffff8801590b000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800418c9c0 Cid 0dd0.062c Teb: 000007f6525bb000 Win32Thread: fffff90103fbab90 WAIT: (WrQueue) UserMode Alertable fffffa8003075a80 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002d5d940 Image: browserchoice.exe Attached Process N/A Image: N/A Wait Start TickCount 15712373 Ticks: 28755 (0:00:07:28.580) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160c3dd0 Current fffff880160c3760 Base fffff880160c4000 Limit fffff880160be000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa800200e080 SessionId: 2 Cid: 0478 Peb: 7f6893cf000 ParentCid: 0288 DirBase: 66cf7000 ObjectTable: fffff8a0029307c0 HandleCount: Image: WWAHost.exe VadRoot fffffa8003dcfe60 Vads 239 Clone 0 Private 3988. Modified 23634. Locked 0. 
DeviceMap fffff8a000290b20 Token fffff8a00213b060 ElapsedTime 00:15:19.037 UserTime 00:00:00.218 KernelTime 00:00:00.031 QuotaPoolUsage[PagedPool] 414888 QuotaPoolUsage[NonPagedPool] 33936 Working Set Sizes (now,min,max) (11114, 50, 345) (44456KB, 200KB, 1380KB) PeakWorkingSetSize 14528 VirtualSize 230 Mb PeakVirtualSize 254 Mb PageFaultCount 42939 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 5574 Job fffffa80039a1060 Setting context for this process... .process /p /r fffffa800200e080 !peb PEB at 000007f6893cf000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6894b0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000006848391af0 . 000000684cf74680 Ldr.InLoadOrderModuleList: 0000006848391c50 . 000000684cf74660 Ldr.InMemoryOrderModuleList: 0000006848391c60 . 000000684cf74670 Base TimeStamp Module 7f6894b0000 505a9152 Sep 20 04:45:22 2012 C:\WINDOWS\System32\WWAHost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7feead60000 505a99fd Sep 20 05:22:21 2012 C:\WINDOWS\SYSTEM32\wintypes.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\System32\Bcp47Langs.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fee34e0000 505aa515 Sep 20 06:09:41 2012 C:\WINDOWS\System32\MSHTML.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\System32\TWINAPI.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\System32\profapi.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 
C:\WINDOWS\System32\dwmapi.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef3160000 4ffa5788 Jul 09 05:01:12 2012 C:\WINDOWS\System32\RoMetadata.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\System32\UxTheme.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\WINDOWS\System32\DUI70.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\System32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\System32\bcryptPrimitives.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7feeeb70000 50107f98 Jul 26 00:22:00 2012 C:\WINDOWS\SYSTEM32\mrmcorer.dll 7fee7e50000 505a9a61 Sep 20 05:24:01 2012 C:\WINDOWS\System32\d2d1.dll 7feea260000 50108a84 Jul 26 01:08:36 2012 C:\WINDOWS\System32\DWrite.dll 7fef2380000 505a9aaa Sep 20 05:25:14 2012 C:\WINDOWS\System32\dxgi.dll 7fef1fb0000 505a98f1 Sep 20 05:17:53 2012 C:\WINDOWS\System32\d3d11.dll 7fee9f00000 4f6bfb79 Mar 23 04:26:33 2012 C:\WINDOWS\System32\igd10umd64.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\System32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fee9dc0000 501084bb Jul 26 00:43:55 2012 
C:\WINDOWS\System32\windows.ui.dll 7fee9130000 50108501 Jul 26 00:45:05 2012 C:\WINDOWS\System32\NInput.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\System32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\System32\SSPICLI.DLL 7fef3650000 5010880a Jul 26 00:58:02 2012 C:\WINDOWS\system32\msimtf.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef29d0000 501089dc Jul 26 01:05:48 2012 C:\WINDOWS\SYSTEM32\dcomp.dll 7fef3130000 50109e64 Jul 26 02:33:24 2012 C:\Windows\System32\WwaApi.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\shell32.dll 7fee69c0000 505a9b06 Sep 20 05:26:46 2012 C:\Windows\System32\jscript9.dll 7fef0e80000 50108231 Jul 26 00:33:05 2012 C:\Windows\System32\Windows.Storage.ApplicationData.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\System32\bcrypt.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\WINDOWS\System32\OLEACC.DLL 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll 7fef16f0000 505a956d Sep 20 05:02:53 2012 C:\Windows\System32\Windows.Networking.Connectivity.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\System32\winhttp.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\System32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\System32\WINNSI.DLL 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\System32\DNSAPI.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\userenv.dll 7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\system32\windowscodecs.dll 
7feeb860000 5010982f Jul 26 02:06:55 2012 C:\WINDOWS\system32\PhotoMetadataHandler.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\System32\PROPSYS.dll 7fef02c0000 5010877e Jul 26 00:55:42 2012 C:\WINDOWS\system32\windowscodecsext.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7feed870000 501087a9 Jul 26 00:56:25 2012 C:\WINDOWS\system32\mlang.dll 7fef1b10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\System32\UIAnimation.dll 7fee4770000 505a980d Sep 20 05:14:05 2012 C:\WINDOWS\System32\IEFRAME.dll 7fef2a80000 5010846e Jul 26 00:42:38 2012 C:\WINDOWS\System32\DUser.dll 7fef14a0000 505a9a60 Sep 20 05:24:00 2012 C:\WINDOWS\System32\D3D10Warp.dll SubSystemData: 000007fee8ad43f0 ProcessHeap: 0000006848390000 ProcessParameters: 00000068483912d0 CurrentDirectory: 'C:\WINDOWS\BrowserChoice\' WindowTitle: '"C:\WINDOWS\System32\WWAHost.exe"' ImageFile: 'C:\WINDOWS\System32\WWAHost.exe' CommandLine: '"C:\WINDOWS\System32\WWAHost.exe" -ServerName:Windows.BrowserChoice' DllPath: 'C:\WINDOWS\BrowserChoice' Environment: 0000006848390860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local\Packages\browserchoice_cw5n1h2txyewy\AC LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) 
ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Packages\browserchoice_cw5n1h2txyewy\AC\Temp TMP=C:\Users\Dmitry\AppData\Local\Packages\browserchoice_cw5n1h2txyewy\AC\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa800362d500 Cid 0478.0254 Teb: 000007f6893cd000 Win32Thread: fffff90103f68b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa800415e640 NotificationEvent fffffa8001fa17c0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15741023 Ticks: 105 (0:00:00:01.638) Context Switch Count 88 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address WWAHost!mainCRTStartup (0x000007f6894bb320) Stack Init fffff88017303dd0 Current fffff88017303180 Base fffff88017304000 Limit fffff880172fe000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001f80b00 Cid 0478.03d4 Teb: 000007f6893c9000 Win32Thread: fffff90103fb6410 WAIT: (WrQueue) UserMode Alertable fffffa8003fc03c0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 68 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880151f7dd0 Current fffff880151f7760 Base fffff880151f8000 Limit fffff880151f2000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80036f5080 Cid 0478.0a14 Teb: 000007f6893c5000 Win32Thread: fffff90103fb8410 WAIT: (UserRequest) UserMode Alertable fffffa80027f9060 
SynchronizationEvent fffffa80021a8940 NotificationEvent fffffa80041a7be0 SynchronizationTimer fffffa8001d2d380 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 16400 IdealProcessor: 0 UserTime 00:00:02.464 KernelTime 00:00:00.904 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff88003c52dd0 Current fffff88003c52180 Base fffff88003c53000 Limit fffff88003c4d000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80032b3080 Cid 0478.0440 Teb: 000007f68929c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80037ec920 NotificationEvent fffffa8001f990f0 NotificationEvent fffffa800219d550 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682350 Ticks: 58778 (0:00:15:16.942) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mrmcorer!Windows::ApplicationModel::Resources::Core::LanguageChangeNotifiyThreadProc (0x000007feeeb8dcfc) Stack Init fffff88015f17dd0 Current fffff88015f17180 Base fffff88015f18000 Limit fffff88015f12000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002e66500 Cid 0478.0250 Teb: 000007f689298000 Win32Thread: fffff90103fb6b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80040e0600 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682350 Ticks: 58778 (0:00:15:16.942) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address MSHTML!CIndependentHitTestManager::s_IndependentHitTestThreadProc (0x000007fee3987d10) Stack Init fffff88017133dd0 Current fffff880171335f0 Base fffff88017134000 Limit fffff8801712e000 Call 0 Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bd9080 Cid 0478.04d4 Teb: 000007f689296000 Win32Thread: fffff90103fba710 WAIT: (UserRequest) UserMode Non-Alertable fffffa800269f430 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15702012 Ticks: 39116 (0:00:10:10.213) Context Switch Count 1108 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address MSHTML!CExecFT::StaticThreadProc (0x000007fee397b0c0) Stack Init fffff880161b1dd0 Current fffff880161b1900 Base fffff880161b2000 Limit fffff880161ac000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001e1c600 Cid 0478.0f34 Teb: 000007f689294000 Win32Thread: fffff90103fb8b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e131a0 SynchronizationEvent fffffa8003b489d0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15701923 Ticks: 39205 (0:00:10:11.601) Context Switch Count 2681 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.062 Win32 Start Address MSHTML!CVSyncProvider::RunThread (0x000007fee399ae74) Stack Init fffff88017445dd0 Current fffff88017445180 Base fffff88017446000 Limit fffff88017440000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8004016080 Cid 0478.0c0c Teb: 000007f689292000 Win32Thread: fffff90103fa1410 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001f06e00 SynchronizationEvent fffffa80018a3900 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15721169 Ticks: 19959 (0:00:05:11.362) Context Switch Count 78 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address MSHTML!CExecFT::StaticThreadProc (0x000007fee397b0c0) Stack Init fffff88017587dd0 Current fffff88017587180 Base fffff88017588000 Limit fffff88017582000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001d83700 Cid 0478.013c Teb: 000007f689290000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040b8620 SynchronizationEvent fffffa80041735c0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682797 Ticks: 58331 (0:00:15:09.969) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff88015933dd0 Current fffff88015933180 Base fffff88015934000 Limit fffff8801592e000 Call 0 Priority 10 BasePriority 7 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003e56880 Cid 0478.0130 Teb: 000007f68928e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800384cca0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15682789 Ticks: 58339 (0:00:15:10.094) Context Switch Count 29 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8800302edd0 Current fffff8800302e900 Base fffff8800302f000 Limit fffff88003029000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002cd7b00 Cid 0478.0bf8 Teb: 000007f68928c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800398f290 SynchronizationEvent fffffa8003daf2f0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740250 Ticks: 878 (0:00:00:13.696) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88002fb2dd0 Current fffff88002fb2180 Base fffff88002fb3000 Limit fffff88002fad000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001d9a280 Cid 0478.0c74 Teb: 000007f689286000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa80027725f0 NotificationEvent IRP List: fffffa8002c9c670: (0006,01f0) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736465 Ticks: 4663 (0:00:01:12.743) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff8801728fdd0 Current fffff8801728f900 Base fffff88017290000 Limit fffff8801728a000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80030692c0 Cid 0478.0ea8 Teb: 000007f689282000 Win32Thread: fffff90103f78b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003da4c80 SynchronizationEvent fffffa8003da24e0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15721169 Ticks: 19959 (0:00:05:11.362) Context Switch Count 34 IdealProcessor: 0 UserTime 
00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address MSHTML!CExecFT::StaticThreadProc (0x000007fee397b0c0) Stack Init fffff88015895dd0 Current fffff88015895180 Base fffff88015896000 Limit fffff88015890000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001ed3080 Cid 0478.081c Teb: 000007f68929e000 Win32Thread: fffff9010065c780 WAIT: (UserRequest) UserMode Non-Alertable fffffa800204c830 SynchronizationEvent fffffa800263b770 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15685914 Ticks: 55214 (0:00:14:21.343) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff8801715ddd0 Current fffff8801715d180 Base fffff8801715e000 Limit fffff88017158000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80038e8080 Cid 0478.0a08 Teb: 000007f68928a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001eef1c0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15685914 Ticks: 55214 (0:00:14:21.343) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880174bcdd0 Current fffff880174bc760 Base fffff880174bd000 Limit fffff880174b7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002179080 Cid 0478.0180 Teb: 000007f6893cb000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003fc03c0 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa800200e080 Image: WWAHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15738741 Ticks: 2387 (0:00:00:37.237) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017164dd0 Current fffff88017164760 Base fffff88017165000 Limit fffff8801715f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002cc2940 SessionId: 2 Cid: 03e4 Peb: 7f75e65c000 ParentCid: 0288 DirBase: 53f43000 ObjectTable: fffff8a006b98400 HandleCount: Image: RuntimeBroker.exe VadRoot fffffa80036e7a20 Vads 134 Clone 0 Private 643. Modified 34. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a00316a670 ElapsedTime 00:15:16.744 UserTime 00:00:00.093 KernelTime 00:00:00.078 QuotaPoolUsage[PagedPool] 255848 QuotaPoolUsage[NonPagedPool] 17136 Working Set Sizes (now,min,max) (4049, 50, 345) (16196KB, 200KB, 1380KB) PeakWorkingSetSize 4202 VirtualSize 121 Mb PeakVirtualSize 140 Mb PageFaultCount 5826 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 985 Setting context for this process... .process /p /r fffffa8002cc2940 !peb PEB at 000007f75e65c000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f75ed50000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000bd3a531a20 . 000000bd3c2f8a20 Ldr.InLoadOrderModuleList: 000000bd3a531b80 . 000000bd3c2f8a00 Ldr.InMemoryOrderModuleList: 000000bd3a531b90 . 
000000bd3c2f8a10 Base TimeStamp Module 7f75ed50000 5010884f Jul 26 00:59:11 2012 C:\Windows\System32\RuntimeBroker.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\Windows\System32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\Windows\System32\bcryptPrimitives.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\Windows\System32\ole32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\Windows\System32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feec390000 50107f23 Jul 26 00:20:03 2012 C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\Windows\System32\DPAPI.dll 7fef16f0000 505a956d Sep 20 05:02:53 2012 C:\Windows\System32\Windows.Networking.Connectivity.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 
C:\WINDOWS\system32\OLEAUT32.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\Windows\System32\IPHLPAPI.DLL 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\Windows\System32\WINNSI.DLL 7fef03b0000 5063dc6b Sep 27 05:56:11 2012 C:\Windows\System32\wlanapi.dll 7feeafc0000 501087a4 Jul 26 00:56:20 2012 C:\Windows\System32\wpnapps.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\UxTheme.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\Windows\System32\apphelp.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\propsys.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\Windows\System32\Bcp47Langs.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\Windows\System32\urlmon.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\Windows\System32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\Windows\System32\SSPICLI.DLL 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\Windows\System32\profapi.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\Windows\System32\winhttp.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\Windows\System32\DNSAPI.dll 7feeaf40000 50108f3e Jul 26 01:28:46 2012 C:\Windows\System32\AuthBroker.dll 7fee5e30000 505aa9a3 Sep 20 06:29:07 2012 C:\WINDOWS\system32\twinui.dll 7fee8a40000 505a9555 Sep 
20 05:02:29 2012 C:\WINDOWS\system32\TWINAPI.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7fef2420000 505a924c Sep 20 04:49:32 2012 C:\WINDOWS\system32\Windows.UI.Immersive.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\WINDOWS\system32\DUI70.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\system32\dwmapi.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\WINDOWS\system32\OLEACC.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7feefc50000 5010a84b Jul 26 03:15:39 2012 C:\Windows\System32\LINKINFO.dll 7fef2b40000 50108183 Jul 26 00:30:11 2012 C:\Windows\System32\ntshrui.dll 7fef48c0000 501089ee Jul 26 01:06:06 2012 C:\Windows\System32\srvcli.dll 7feec150000 501089ad Jul 26 01:05:01 2012 C:\Windows\System32\cscapi.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\Windows\System32\WINSTA.dll 7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\Windows\System32\slc.dll 7feef950000 501089d7 Jul 26 01:05:43 2012 C:\Windows\System32\wcmapi.dll SubSystemData: 0000000000000000 ProcessHeap: 000000bd3a530000 ProcessParameters: 000000bd3a5311e0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\Windows\System32\RuntimeBroker.exe' ImageFile: 'C:\Windows\System32\RuntimeBroker.exe' CommandLine: 'C:\Windows\System32\RuntimeBroker.exe -Embedding' DllPath: '< Name not readable >' Environment: 000000bd3a530860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO 
HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8001d15900 Cid 03e4.0188 Teb: 000007f75e65e000 Win32Thread: fffff90103fa1b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003036fe0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15740064 Ticks: 1064 (0:00:00:16.598) Context Switch Count 45 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address RuntimeBroker!wWinMainCRTStartup (0x000007f75ed537d0) Stack Init fffff880159fcdd0 Current fffff880159fc900 Base fffff880159fd000 Limit fffff880159f7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80033e2980 Cid 03e4.0e78 Teb: 000007f75e52a000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003954900 SynchronizationEvent fffffa8001c9b060 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15740436 Ticks: 
692 (0:00:00:10.795) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88003008dd0 Current fffff88003008180 Base fffff88003009000 Limit fffff88003003000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003fb0080 Cid 03e4.0880 Teb: 000007f75e528000 Win32Thread: fffff90100648b90 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80027a8940 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15740565 Ticks: 563 (0:00:00:08.782) Context Switch Count 161 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff8800300fdd0 Current fffff8800300f5f0 Base fffff88003010000 Limit fffff8800300a000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003f63080 Cid 03e4.0d74 Teb: 000007f75e658000 Win32Thread: fffff9010434a010 WAIT: (WrQueue) UserMode Alertable fffffa80021b8380 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 265 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017572dd0 Current fffff88017572760 Base fffff88017573000 Limit fffff8801756d000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e07080 Cid 03e4.0ac0 Teb: 000007f75e654000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036f84a0 SynchronizationTimer Not 
impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15739847 Ticks: 1281 (0:00:00:19.983) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017347dd0 Current fffff880173470f0 Base fffff88017348000 Limit fffff88017342000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018af080 Cid 03e4.09f0 Teb: 000007f75e52e000 Win32Thread: fffff9010419a010 WAIT: (WrQueue) UserMode Alertable fffffa80021b8380 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15739847 Ticks: 1281 (0:00:00:19.983) Context Switch Count 226 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880175ccdd0 Current fffff880175cc760 Base fffff880175cd000 Limit fffff880175c7000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003faf580 Cid 03e4.073c Teb: 000007f75e52c000 Win32Thread: fffff90104118010 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003b97990 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cc2940 Image: RuntimeBroker.exe Attached Process N/A Image: N/A Wait Start TickCount 15736411 Ticks: 4717 (0:00:01:13.585) Context Switch Count 92 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.031 Win32 Start Address SHELL32!Windows::Internal::ComTaskPool::CThread::s_ThreadProc (0x000007fef66df4a0) Stack Init fffff88015e53dd0 Current fffff88015e535f0 Base fffff88015e54000 Limit fffff88015e4e000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 
PROCESS fffffa8002cb2940 SessionId: 2 Cid: 0c80 Peb: 7f6c41dd000 ParentCid: 0288 DeepFreeze DirBase: 2ef45000 ObjectTable: fffff8a002f215c0 HandleCount: Image: iexplore.exe VadRoot fffffa8001db41a0 Vads 277 Clone 0 Private 2247. Modified 3165. Locked 176. DeviceMap fffff8a000290b20 Token fffff8a0006b38c0 ElapsedTime 00:15:05.509 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 428480 QuotaPoolUsage[NonPagedPool] 39952 Working Set Sizes (now,min,max) (39219, 50, 345) (156876KB, 200KB, 1380KB) PeakWorkingSetSize 41317 VirtualSize 210 Mb PeakVirtualSize 219 Mb PageFaultCount 47799 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2314 Job fffffa80033d9060 Setting context for this process... .process /p /r fffffa8002cb2940 !peb PEB at 000007f6c41dd000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6c49b0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000218c3e1a90 . 0000002191b16690 Ldr.InLoadOrderModuleList: 000000218c3e1bf0 . 0000002191b16670 Ldr.InMemoryOrderModuleList: 000000218c3e1c00 . 
0000002191b16680 Base TimeStamp Module 7f6c49b0000 50107ebe Jul 26 00:18:22 2012 C:\Program Files\Internet Explorer\iexplore.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fee4770000 505a980d Sep 20 05:14:05 2012 C:\WINDOWS\SYSTEM32\IEFRAME.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll 7fee6960000 505a93ca Sep 20 04:55:54 2012 C:\Program Files\Internet Explorer\IEShims.dll 7fef7a20000 50108ed8 Jul 26 01:27:04 2012 C:\WINDOWS\system32\comdlg32.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 
C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\SYSTEM32\twinapi.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\dwmapi.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\SYSTEM32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\SYSTEM32\SSPICLI.DLL 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\SYSTEM32\profapi.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\SYSTEM32\winhttp.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\SYSTEM32\WINNSI.DLL 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fee6e10000 50107f0a Jul 26 00:19:38 2012 C:\Program Files\Internet Explorer\ieproxy.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\SYSTEM32\DNSAPI.dll 7feead60000 505a99fd Sep 20 05:22:21 2012 C:\Windows\System32\WinTypes.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef2420000 505a924c Sep 20 04:49:32 2012 C:\Windows\System32\Windows.UI.Immersive.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\Windows\System32\DUI70.dll 7fee9dc0000 501084bb Jul 26 00:43:55 2012 C:\WINDOWS\SYSTEM32\windows.ui.dll 7fee9130000 50108501 Jul 26 00:45:05 2012 C:\WINDOWS\SYSTEM32\NInput.dll 7fee68d0000 
50109f6a Jul 26 02:37:46 2012 C:\WINDOWS\SYSTEM32\IEUI.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\SYSTEM32\PROPSYS.dll 7feefc60000 505a94c2 Sep 20 05:00:02 2012 C:\WINDOWS\system32\mssprxy.dll 7fee6830000 505a964f Sep 20 05:06:39 2012 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\SYSTEM32\Bcp47Langs.dll 7fef2380000 505a9aaa Sep 20 05:25:14 2012 C:\WINDOWS\SYSTEM32\dxgi.dll 7fef1fb0000 505a98f1 Sep 20 05:17:53 2012 C:\WINDOWS\SYSTEM32\d3d11.dll 7fef14a0000 505a9a60 Sep 20 05:24:00 2012 C:\WINDOWS\SYSTEM32\d3d10warp.dll 7fef29d0000 501089dc Jul 26 01:05:48 2012 C:\WINDOWS\SYSTEM32\dcomp.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\Windows\System32\oleacc.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\xmllite.dll 7feea260000 50108a84 Jul 26 01:08:36 2012 C:\WINDOWS\system32\dwrite.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\SYSTEM32\WindowsCodecs.dll 7fef1b10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\System32\UIAnimation.dll 7fee5b70000 5010891b Jul 26 01:02:35 2012 C:\WINDOWS\SYSTEM32\Msftedit.dll 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll 7feed870000 501087a9 Jul 26 00:56:25 2012 C:\WINDOWS\SYSTEM32\MLANG.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\userenv.dll 7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef3c70000 50108aef Jul 26 01:10:23 2012 C:\WINDOWS\SYSTEM32\DPAPI.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 
C:\WINDOWS\System32\fwpuclnt.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\SYSTEM32\ncrypt.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\SYSTEM32\bcrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\SYSTEM32\NTASN1.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7feeab50000 50108a14 Jul 26 01:06:44 2012 C:\Windows\System32\cryptnet.dll 7fef7d00000 50108a30 Jul 26 01:07:12 2012 C:\WINDOWS\system32\WLDAP32.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7feede30000 5010868d Jul 26 00:51:41 2012 C:\WINDOWS\System32\netprofm.dll 7fef1b70000 5010a665 Jul 26 03:07:33 2012 C:\WINDOWS\SYSTEM32\slc.dll 7feed630000 5010a955 Jul 26 03:20:05 2012 C:\WINDOWS\System32\npmproxy.dll SubSystemData: 000007fee8ad43f0 ProcessHeap: 000000218c3e0000 ProcessParameters: 000000218c3e11e0 CurrentDirectory: 'C:\Users\Dmitry\Desktop\' WindowTitle: '"C:\Program Files\Internet Explorer\iexplore.exe"' ImageFile: 'C:\Program Files\Internet Explorer\iexplore.exe' CommandLine: '"C:\Program Files\Internet Explorer\iexplore.exe" -ServerName:DefaultBrowserServer' DllPath: '< Name not readable >' Environment: 000000218c3e0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT 
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8001e4eb00 Cid 0c80.0514 Teb: 000007f6c41de000 Win32Thread: fffff901000e5b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e4ede0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 7283 IdealProcessor: 0 UserTime 00:00:00.202 KernelTime 00:00:00.296 Win32 Start Address iexplore!wWinMainCRTStartup (0x000007f6c49b1b00) Stack Init fffff880155f8dd0 Current fffff880155f8740 Base fffff880155f9000 Limit fffff880155f3000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800219c080 Cid 0c80.0d88 Teb: 000007f6c41db000 Win32Thread: fffff90103f206e0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800219c360 NotificationEvent Waiting for reply to ALPC Message fffff8a0018c8030 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 6167 IdealProcessor: 0 UserTime 00:00:00.156 KernelTime 00:00:00.109 Win32 
Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801548ddd0 Current fffff8801548d430 Base fffff8801548e000 Limit fffff88015488000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001c41080 Cid 0c80.056c Teb: 000007f6c41d9000 Win32Thread: fffff90103fc23d0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001c41360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 512 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address iertutil!IsoManagerThreadNonzero_WindowsPump (0x000007fef61831f0) Stack Init fffff88015520dd0 Current fffff8801551fec0 Base fffff88015521000 Limit fffff8801551b000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80036922c0 Cid 0c80.0ec8 Teb: 000007f6c41d7000 Win32Thread: fffff90103f68710 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80036925a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEFRAME!MTAThread (0x000007fee47c2b10) Stack Init fffff88015573dd0 Current fffff88015572f50 Base fffff88015574000 Limit fffff8801556e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002ccf200 Cid 0c80.0fdc Teb: 000007f6c41d5000 Win32Thread: fffff901006166f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002ccf4e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A 
Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 617 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.031 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880171c4dd0 Current fffff880171c4530 Base fffff880171c5000 Limit fffff880171bf000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002cee240 Cid 0c80.0fa8 Teb: 000007f6c41d3000 Win32Thread: fffff90103fa79f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002cee520 NotificationEvent IRP List: fffffa80041587b0: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 529 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155ffdd0 Current fffff880155ff530 Base fffff88015600000 Limit fffff880155fa000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002cba240 Cid 0c80.0370 Teb: 000007f6c40ae000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002cba520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88015806dd0 Current fffff88015805ec0 Base fffff88015807000 Limit fffff88015801000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002cb9200 Cid 0c80.0f58 Teb: 000007f6c40aa000 
Win32Thread: fffff901000e0580 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002cb94e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 23 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address iertutil!LCIEIsComponentSharedFlagValueSet_FromComponentThread (0x000007fef61831b0) Stack Init fffff88015814dd0 Current fffff88015813ec0 Base fffff88015815000 Limit fffff8801580f000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002caa080 Cid 0c80.0e64 Teb: 000007f6c40a8000 Win32Thread: fffff9010060b010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002caa360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEFRAME!MTACoreApplicationThread (0x000007fee48a5f70) Stack Init fffff88015822dd0 Current fffff88015821f50 Base fffff88015823000 Limit fffff8801581d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800363c080 Cid 0c80.0038 Teb: 000007f6c40a6000 Win32Thread: fffff9010060b580 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800363c360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 39 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address shcore!COplockFileHandle::v_GetHandlerCLSID (0x000007fef2ef4020) Stack Init fffff8801581bdd0 Current 
fffff8801581af50 Base fffff8801581c000 Limit fffff88015816000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80018bc240 Cid 0c80.0f50 Teb: 000007f6c40a4000 Win32Thread: fffff901006135f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80018bc520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 133 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801589cdd0 Current fffff8801589c530 Base fffff8801589d000 Limit fffff88015897000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003610080 Cid 0c80.0e54 Teb: 000007f6c40a2000 Win32Thread: fffff90103fc29f0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003610360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff880158aadd0 Current fffff880158a9f50 Base fffff880158ab000 Limit fffff880158a5000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002db7900 Cid 0c80.0c9c Teb: 000007f6c40a0000 Win32Thread: fffff901006ab680 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002db7be0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 473 IdealProcessor: 0 
UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158b1dd0 Current fffff880158b1530 Base fffff880158b2000 Limit fffff880158ac000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800210a780 Cid 0c80.0650 Teb: 000007f6c409a000 Win32Thread: fffff901006bb010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800210aa60 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 3877 IdealProcessor: 0 UserTime 00:00:00.093 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158a3dd0 Current fffff880158a3530 Base fffff880158a4000 Limit fffff8801589e000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d65240 Cid 0c80.0f40 Teb: 000007f6c4098000 Win32Thread: fffff901000d4010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d65520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 122 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address iertutil!LCIEIsComponentSharedFlagValueSet_FromComponentThread (0x000007fef61831b0) Stack Init fffff880158c6dd0 Current fffff880158c5ec0 Base fffff880158c7000 Limit fffff880158c1000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002d52200 Cid 0c80.0ad8 Teb: 000007f6c4094000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d524e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 
Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 20 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158cddd0 Current fffff880158cd530 Base fffff880158ce000 Limit fffff880158c8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d53240 Cid 0c80.0dec Teb: 000007f6c4092000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d53520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 1073 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880155e3dd0 Current fffff880155e3530 Base fffff880155e4000 Limit fffff880155de000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e70340 Cid 0c80.0c40 Teb: 000007f6c40ac000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e70620 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff88016407dd0 Current fffff880164075b0 Base fffff88016408000 Limit fffff88016402000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003b84b00 Cid 0c80.0978 Teb: 000007f6c409e000 Win32Thread: 
0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003b84de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15740837 Ticks: 291 (0:00:00:04.539) Context Switch Count 133 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff88016342dd0 Current fffff880163426d0 Base fffff88016343000 Limit fffff8801633d000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d7d4c0 Cid 0c80.0af0 Teb: 000007f6c409c000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d7d7a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015141dd0 Current fffff88015141530 Base fffff88015142000 Limit fffff8801513c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001f5b900 Cid 0c80.0944 Teb: 000007f6c4096000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001f5bbe0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8002cb2940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address mswsock!SockAsyncThread (0x000007fef4645990) Stack Init fffff8801515ddd0 Current fffff8801515d570 Base fffff8801515e000 Limit fffff88015158000 
Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8003816940 SessionId: 2 Cid: 0d04 Peb: 7f6c3aca000 ParentCid: 0c80 DeepFreeze DirBase: 34024000 ObjectTable: fffff8a001749a00 HandleCount: Image: iexplore.exe VadRoot fffffa80036e0ad0 Vads 520 Clone 0 Private 9065. Modified 19575. Locked 728. DeviceMap fffff8a000290b20 Token fffff8a002d4c500 ElapsedTime 00:15:04.230 UserTime 00:00:00.202 KernelTime 00:00:00.109 QuotaPoolUsage[PagedPool] 477096 QuotaPoolUsage[NonPagedPool] 81152 Working Set Sizes (now,min,max) (50713, 50, 345) (202852KB, 200KB, 1380KB) PeakWorkingSetSize 51043 VirtualSize 300 Mb PeakVirtualSize 357 Mb PageFaultCount 148600 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 9242 Job fffffa80033d9060 Setting context for this process... .process /p /r fffffa8003816940 !peb PEB at 000007f6c3aca000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6c49b0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 0000002279c61b60 . 000000227f741320 Ldr.InLoadOrderModuleList: 0000002279c61cc0 . 000000227f741300 Ldr.InMemoryOrderModuleList: 0000002279c61cd0 . 
000000227f741310 Base TimeStamp Module 7f6c49b0000 50107ebe Jul 26 00:18:22 2012 C:\Program Files\Internet Explorer\iexplore.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fee4770000 505a980d Sep 20 05:14:05 2012 C:\WINDOWS\SYSTEM32\IEFRAME.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll 7fee6960000 505a93ca Sep 20 04:55:54 2012 C:\Program Files\Internet Explorer\IEShims.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef7a20000 50108ed8 Jul 26 01:27:04 2012 C:\WINDOWS\system32\comdlg32.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 
C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\SYSTEM32\twinapi.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\SYSTEM32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\SYSTEM32\SSPICLI.DLL 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\SYSTEM32\winhttp.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\dwmapi.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\SYSTEM32\WINNSI.DLL 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fee6e10000 50107f0a Jul 26 00:19:38 2012 C:\Program Files\Internet Explorer\ieproxy.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\SYSTEM32\USERENV.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\SYSTEM32\profapi.dll 7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll 7fee68d0000 50109f6a Jul 26 02:37:46 2012 C:\WINDOWS\SYSTEM32\IEUI.dll 7fee34e0000 505aa515 Sep 20 06:09:41 2012 C:\WINDOWS\SYSTEM32\MSHTML.dll 7fee7e50000 505a9a61 Sep 20 05:24:01 2012 C:\WINDOWS\SYSTEM32\d2d1.dll 7feea260000 50108a84 Jul 26 01:08:36 2012 C:\WINDOWS\SYSTEM32\DWrite.dll 7fef2380000 505a9aaa Sep 20 05:25:14 2012 C:\WINDOWS\SYSTEM32\dxgi.dll 7fef1fb0000 505a98f1 Sep 20 05:17:53 2012 C:\WINDOWS\SYSTEM32\d3d11.dll 7fee9f00000 4f6bfb79 Mar 23 04:26:33 
2012 C:\WINDOWS\SYSTEM32\igd10umd64.dll 7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\SYSTEM32\DNSAPI.dll 7fef2420000 505a924c Sep 20 04:49:32 2012 C:\Windows\System32\Windows.UI.Immersive.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\Windows\System32\DUI70.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fee9dc0000 501084bb Jul 26 00:43:55 2012 C:\WINDOWS\SYSTEM32\windows.ui.dll 7fee9130000 50108501 Jul 26 00:45:05 2012 C:\WINDOWS\SYSTEM32\NInput.dll 7feed870000 501087a9 Jul 26 00:56:25 2012 C:\WINDOWS\SYSTEM32\MLANG.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\SYSTEM32\PROPSYS.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\SYSTEM32\ncrypt.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\SYSTEM32\bcrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\SYSTEM32\NTASN1.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7feeab50000 50108a14 Jul 26 01:06:44 2012 C:\WINDOWS\SYSTEM32\cryptnet.dll 7fef7d00000 50108a30 Jul 26 01:07:12 2012 C:\WINDOWS\system32\WLDAP32.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL 7fef06e0000 505a9b9c Sep 20 05:29:16 2012 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL 7feebfe0000 505a992d Sep 20 05:18:53 2012 C:\WINDOWS\SYSTEM32\webio.dll 7fee69c0000 505a9b06 Sep 20 05:26:46 2012 C:\Windows\System32\jscript9.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\system32\windowscodecs.dll 7fef02c0000 
5010877e Jul 26 00:55:42 2012 C:\WINDOWS\system32\windowscodecsext.dll 7fef0440000 5010875d Jul 26 00:55:09 2012 C:\WINDOWS\System32\msxml6.dll 7fee5950000 501080fa Jul 26 00:27:54 2012 C:\Windows\System32\ieapfltr.dll 7fef3650000 5010880a Jul 26 00:58:02 2012 C:\WINDOWS\system32\msimtf.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef29d0000 501089dc Jul 26 01:05:48 2012 C:\WINDOWS\SYSTEM32\dcomp.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\WINDOWS\SYSTEM32\OLEACC.DLL 7fef4c40000 5010a6e1 Jul 26 03:09:37 2012 C:\WINDOWS\SYSTEM32\sxs.dll 7fee9980000 5010a9e8 Jul 26 03:22:32 2012 C:\WINDOWS\SYSTEM32\msls31.dll 7fee92d0000 50109356 Jul 26 01:46:14 2012 C:\Windows\System32\PlayToManager.dll 7fee58c0000 5010801c Jul 26 00:24:12 2012 C:\Windows\System32\Windows.Graphics.Printing.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\CFGMGR32.dll 7fef1b10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\System32\UIAnimation.dll 7fef14a0000 505a9a60 Sep 20 05:24:00 2012 C:\WINDOWS\SYSTEM32\D3D10Warp.dll 7fef1130000 50108750 Jul 26 00:54:56 2012 C:\Windows\System32\uiautomationcore.dll SubSystemData: 0000000000000000 ProcessHeap: 0000002279c60000 ProcessParameters: 0000002279c612a0 CurrentDirectory: 'C:\Users\Dmitry\Desktop\' WindowTitle: 'C:\Program Files\Internet Explorer\iexplore.exe' ImageFile: 'C:\Program Files\Internet Explorer\iexplore.exe' CommandLine: '"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3200 CREDAT:267777 /prefetch:1' DllPath: '< Name not readable >' Environment: 0000002279c8f9b0 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HKCU_S=\REGISTRY\CUSER\Software HKLM_S=\REGISTRY\MACHINE\Software HOMEDRIVE=C: HOMEPATH=\Users\Dmitry 
LOCALAPPDATA=C:\Users\Dmitry\AppData\Local\Packages\windows_ie_ac_001\AC LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Packages\windows_ie_ac_001\AC\Temp TMP=C:\Users\Dmitry\AppData\Local\Packages\windows_ie_ac_001\AC\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8002ca7080 Cid 0d04.0968 Teb: 000007f6c3ace000 Win32Thread: fffff90103fa73d0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002ca7360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 196 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address iexplore!wWinMainCRTStartup (0x000007f6c49b1b00) Stack Init fffff8801580ddd0 Current fffff8801580cec0 Base fffff8801580e000 Limit fffff88015808000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8004154080 Cid 0d04.08f8 Teb: 000007f6c3ac8000 Win32Thread: fffff901006b9b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8004154360 NotificationEvent Waiting for reply to ALPC Message fffff8a006909990 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: 
iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 670 IdealProcessor: 0 UserTime 00:00:00.109 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801631fdd0 Current fffff8801631f430 Base fffff88016320000 Limit fffff8801631a000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001dd6b00 Cid 0d04.0728 Teb: 000007f6c3ac6000 Win32Thread: fffff901006b7860 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001dd6de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 30 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880162afdd0 Current fffff880162aeec0 Base fffff880162b0000 Limit fffff880162aa000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001decb00 Cid 0d04.0c54 Teb: 000007f6c399e000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001decde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88016326dd0 Current fffff88016325ec0 Base fffff88016327000 Limit fffff88016321000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800415a5c0 Cid 0d04.0f90 Teb: 000007f6c399c000 Win32Thread: 
fffff901006a9830 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800415a8a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12394 IdealProcessor: 0 UserTime 00:00:02.683 KernelTime 00:00:00.811 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880162bddd0 Current fffff880162bd540 Base fffff880162be000 Limit fffff880162b8000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001e58b00 Cid 0d04.0c70 Teb: 000007f6c3998000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e58de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15740837 Ticks: 291 (0:00:00:04.539) Context Switch Count 256 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88016229dd0 Current fffff880162296d0 Base fffff8801622a000 Limit fffff88016224000 Call 0 Priority 12 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001e52b00 Cid 0d04.085c Teb: 000007f6c3996000 Win32Thread: fffff901000e0b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e52de0 NotificationEvent IRP List: fffffa80018ed010: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 542 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread 
(0x000007fef7ee38c0) Stack Init fffff880161f0dd0 Current fffff880161f0530 Base fffff880161f1000 Limit fffff880161eb000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa800418ab00 Cid 0d04.0de0 Teb: 000007f6c3994000 Win32Thread: fffff901006c7b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800418ade0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 229 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880161dbdd0 Current fffff880161db530 Base fffff880161dc000 Limit fffff880161d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa800418a380 Cid 0d04.0f74 Teb: 000007f6c3990000 Win32Thread: fffff901006c5b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800418a660 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 220 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016237dd0 Current fffff88016237530 Base fffff88016238000 Limit fffff88016232000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001c3e3c0 Cid 0d04.0864 Teb: 000007f6c398e000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001c3e6a0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 
(0:00:01:42.243) Context Switch Count 33 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff8801637add0 Current fffff8801637a570 Base fffff8801637b000 Limit fffff88016375000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001e74080 Cid 0d04.0e60 Teb: 000007f6c398c000 Win32Thread: fffff901006bd010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001e74360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 54 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017211dd0 Current fffff880172116d0 Base fffff88017212000 Limit fffff8801720c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80026a3b00 Cid 0d04.0cc0 Teb: 000007f6c398a000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80026a3de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 15 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880158e9dd0 Current fffff880158e9530 Base fffff880158ea000 Limit fffff880158e4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002064080 Cid 0d04.0fe0 Teb: 000007f6c3986000 Win32Thread: fffff901006d3010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002064360 NotificationEvent Not 
impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 195 IdealProcessor: 0 UserTime 00:00:00.046 KernelTime 00:00:00.015 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88016400dd0 Current fffff880163fff50 Base fffff88016401000 Limit fffff880163fb000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8004050b00 Cid 0d04.0b5c Teb: 000007f6c3984000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8004050de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 104 IdealProcessor: 0 UserTime 00:00:00.062 KernelTime 00:00:00.015 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880172f2dd0 Current fffff880172f1f50 Base fffff880172f3000 Limit fffff880172ed000 Call 0 Priority 7 BasePriority 7 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001d27080 Cid 0d04.0c4c Teb: 000007f6c3982000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001d27360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 686 IdealProcessor: 0 UserTime 00:00:00.405 KernelTime 00:00:00.015 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88014f2cdd0 Current fffff88014f2c6d0 Base fffff88014f2d000 Limit fffff88014f27000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 
ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002d24240 Cid 0d04.0cec Teb: 000007f6c3980000 Win32Thread: fffff901006d3b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8002d24520 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 156 IdealProcessor: 0 UserTime 00:00:00.124 KernelTime 00:00:00.031 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880158dbdd0 Current fffff880158daf50 Base fffff880158dc000 Limit fffff880158d6000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80020b8b00 Cid 0d04.0a4c Teb: 000007f6c397c000 Win32Thread: fffff901006d5010 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80020b8de0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 153 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880154f6dd0 Current fffff880154f63c0 Base fffff880154f7000 Limit fffff880154f1000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8001dfb080 Cid 0d04.0c6c Teb: 000007f6c397a000 Win32Thread: fffff9010069bb90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001dfb360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 512 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start 
Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88015948dd0 Current fffff880159486d0 Base fffff88015949000 Limit fffff88015943000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003629900 Cid 0d04.05a0 Teb: 000007f6c3978000 Win32Thread: fffff901006d5710 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003629be0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 1296 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff880158e2dd0 Current fffff880158e1f50 Base fffff880158e3000 Limit fffff880158dd000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800404cb00 Cid 0d04.0508 Teb: 000007f6c3976000 Win32Thread: fffff90103fe5710 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800404cde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff88017248dd0 Current fffff88017247f50 Base fffff88017249000 Limit fffff88017243000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800398db00 Cid 0d04.03ac Teb: 000007f6c3974000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800398dde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process 
fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 17 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015ea0dd0 Current fffff88015ea0530 Base fffff88015ea1000 Limit fffff88015e9b000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa800200f480 Cid 0d04.0398 Teb: 000007f6c399a000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800200f760 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8003816940 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff8800319bdd0 Current fffff8800319b5b0 Base fffff8800319c000 Limit fffff88003196000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8001f7b7c0 SessionId: 2 Cid: 0e74 Peb: 7f6c39d9000 ParentCid: 0c80 DeepFreeze DirBase: 6772a000 ObjectTable: fffff8a0084321c0 HandleCount: Image: iexplore.exe VadRoot fffffa800388ba00 Vads 97 Clone 0 Private 364. Modified 1. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a0068d58c0 ElapsedTime 00:14:58.099 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 221744 QuotaPoolUsage[NonPagedPool] 12656 Working Set Sizes (now,min,max) (2105, 50, 345) (8420KB, 200KB, 1380KB) PeakWorkingSetSize 2113 VirtualSize 111 Mb PeakVirtualSize 113 Mb PageFaultCount 2275 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 610 Job fffffa80033d9060 Setting context for this process... 
.process /p /r fffffa8001f7b7c0 !peb PEB at 000007f6c39d9000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6c49b0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000047cd5c1a90 . 00000047cd5ebd60 Ldr.InLoadOrderModuleList: 00000047cd5c1bf0 . 00000047cd5ebd40 Ldr.InMemoryOrderModuleList: 00000047cd5c1c00 . 00000047cd5ebd50 Base TimeStamp Module 7f6c49b0000 50107ebe Jul 26 00:18:22 2012 C:\Program Files\Internet Explorer\iexplore.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fee4770000 505a980d Sep 20 05:14:05 2012 C:\WINDOWS\SYSTEM32\IEFRAME.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 
C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll 7fee6960000 505a93ca Sep 20 04:55:54 2012 C:\Program Files\Internet Explorer\IEShims.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef7a20000 50108ed8 Jul 26 01:27:04 2012 C:\WINDOWS\system32\comdlg32.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\WINDOWS\SYSTEM32\twinapi.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\SYSTEM32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\SYSTEM32\SSPICLI.DLL 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\SYSTEM32\winhttp.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\SYSTEM32\WINNSI.DLL 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\dwmapi.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fee6e10000 50107f0a Jul 26 00:19:38 2012 C:\Program Files\Internet Explorer\ieproxy.dll SubSystemData: 0000000000000000 ProcessHeap: 00000047cd5c0000 ProcessParameters: 00000047cd5c11e0 CurrentDirectory: 'C:\Users\Dmitry\Desktop\' WindowTitle: 'C:\Program Files\Internet Explorer\iexplore.exe' 
ImageFile: 'C:\Program Files\Internet Explorer\iexplore.exe' CommandLine: '"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3200 CREDAT:5377 /prefetch:1' DllPath: '< Name not readable >' Environment: 00000047cd5e9dd0 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HKCU_S=\REGISTRY\CUSER\Software HKLM_S=\REGISTRY\MACHINE\Software HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp\Low TMP=C:\Users\Dmitry\AppData\Local\Temp\Low USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8001d50700 Cid 0e74.0184 Teb: 000007f6c39de000 Win32Thread: fffff90103fed5e0 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8001d509e0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 88 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address 
iexplore!wWinMainCRTStartup (0x000007f6c49b1b00) Stack Init fffff880171f5dd0 Current fffff880171f4ec0 Base fffff880171f6000 Limit fffff880171f0000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80018ffb00 Cid 0e74.0b44 Teb: 000007f6c39dc000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa80018ffde0 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 52 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017076dd0 Current fffff880170766d0 Base fffff88017077000 Limit fffff88017071000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800377f080 Cid 0e74.0844 Teb: 000007f6c39da000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa800377f360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 19 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003dc8dd0 Current fffff88003dc8530 Base fffff88003dc9000 Limit fffff88003dc3000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003eff080 Cid 0e74.00e0 Teb: 000007f6c39d7000 Win32Thread: fffff901006e5b90 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003eff360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 
15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 16 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address IEShims!NS_CreateThread::ImmersiveIE_ThreadProc (0x000007fee69746d4) Stack Init fffff8801700ddd0 Current fffff8801700cec0 Base fffff8801700e000 Limit fffff88017008000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8003e46080 Cid 0e74.0a0c Teb: 000007f6c38ae000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable FreezeCount 1 fffffa8003e46360 NotificationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001f7b7c0 Image: iexplore.exe Attached Process N/A Image: N/A Wait Start TickCount 15734574 Ticks: 6554 (0:00:01:42.243) Context Switch Count 11 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!EtwpNotificationThread (0x000007fef7f257ac) Stack Init fffff8801615ddd0 Current fffff8801615d5b0 Base fffff8801615e000 Limit fffff88016158000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002d74180 SessionId: 2 Cid: 0ca0 Peb: 7f770b7f000 ParentCid: 0d68 DirBase: 08818000 ObjectTable: fffff8a001f18d80 HandleCount: Image: Taskmgr.exe VadRoot fffffa8003e9d1e0 Vads 239 Clone 0 Private 2297. Modified 243564. Locked 0. DeviceMap fffff8a007e2e6a0 Token fffff8a007e3b8c0 ElapsedTime 00:10:57.072 UserTime 00:00:11.325 KernelTime 00:00:26.878 QuotaPoolUsage[PagedPool] 482336 QuotaPoolUsage[NonPagedPool] 31280 Working Set Sizes (now,min,max) (7136, 50, 345) (28544KB, 200KB, 1380KB) PeakWorkingSetSize 7337 VirtualSize 216 Mb PeakVirtualSize 343 Mb PageFaultCount 51873 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2905 Setting context for this process... 
.process /p /r fffffa8002d74180 !peb PEB at 000007f770b7f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f770dd0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000f06e9b1a10 . 000000f070e6d150 Ldr.InLoadOrderModuleList: 000000f06e9b1b70 . 000000f070e6d130 Ldr.InMemoryOrderModuleList: 000000f06e9b1b80 . 000000f070e6d140 Base TimeStamp Module 7f770dd0000 50107c26 Jul 26 00:07:18 2012 C:\WINDOWS\system32\taskmgr.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\SYSTEM32\cfgmgr32.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef4080000 5010ac3a Jul 26 03:32:26 2012 C:\WINDOWS\system32\pcwum.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\COMCTL32.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\UxTheme.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef1750000 5010969b Jul 26 02:00:11 2012 C:\WINDOWS\system32\credui.dll 7fef2a80000 5010846e Jul 26 00:42:38 2012 C:\WINDOWS\system32\DUser.dll 7fef21c0000 50108e6a Jul 26 01:25:14 2012 C:\WINDOWS\system32\DUI70.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 
C:\WINDOWS\system32\combase.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\system32\SHCORE.DLL 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\system32\dwmapi.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll 7fef4d20000 5010876c Jul 26 00:55:24 2012 C:\WINDOWS\system32\WINSTA.dll 7feebbe0000 501089d1 Jul 26 01:05:37 2012 C:\WINDOWS\system32\srumapi.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL 7fef2420000 505a924c Sep 20 04:49:32 2012 C:\Windows\System32\Windows.UI.Immersive.dll 7fef4d70000 50108a11 Jul 26 01:06:41 2012 C:\WINDOWS\system32\samcli.dll 7fef0f50000 50108a13 Jul 26 01:06:43 2012 C:\WINDOWS\system32\SAMLIB.dll 7fef4100000 50108a19 Jul 26 01:06:49 2012 C:\WINDOWS\system32\netutils.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\system32\WindowsCodecs.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\WINDOWS\system32\OLEACC.dll 7fef06b0000 505a9bdc Sep 20 05:30:20 2012 C:\WINDOWS\system32\dhcpcsvc6.DLL 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef06e0000 505a9b9c Sep 20 
05:29:16 2012 C:\WINDOWS\system32\dhcpcsvc.DLL 7fef1740000 5010ac6c Jul 26 03:33:16 2012 C:\WINDOWS\system32\wlanutil.dll 7fef03b0000 5063dc6b Sep 27 05:56:11 2012 C:\WINDOWS\system32\wlanapi.dll 7fef37e0000 501089ec Jul 26 01:06:04 2012 C:\WINDOWS\system32\wkscli.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7feed830000 501080ee Jul 26 00:27:42 2012 C:\Windows\System32\thumbcache.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\Windows\System32\PROPSYS.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 C:\Windows\System32\actxprxy.dll 7fef2580000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\system32\Bcp47Langs.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\SYSTEM32\bcrypt.dll 7feeeb70000 50107f98 Jul 26 00:22:00 2012 C:\Windows\System32\MrmCoreR.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\Windows\System32\twinapi.dll 7fef31b0000 50108834 Jul 26 00:58:44 2012 C:\WINDOWS\system32\dbghelp.dll 7feeb770000 50109564 Jul 26 01:55:00 2012 C:\WINDOWS\System32\cscui.dll 7fef30c0000 5010a9be Jul 26 03:21:50 2012 C:\WINDOWS\System32\CSCDLL.dll 7fef30d0000 5010a183 Jul 26 02:46:43 2012 C:\WINDOWS\System32\cscobj.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\System32\USERENV.dll 7feec150000 501089ad Jul 26 01:05:01 2012 C:\WINDOWS\system32\CSCAPI.dll 7fee72f0000 50109745 Jul 26 02:03:01 2012 C:\Windows\System32\EhStorShell.dll 7feef920000 501089fe Jul 26 01:06:22 2012 C:\WINDOWS\SYSTEM32\ntmarta.dll 7feeb240000 501081d7 
Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SSPICLI.DLL 7fef3320000 50108655 Jul 26 00:50:45 2012 C:\Windows\System32\taskschd.dll SubSystemData: 0000000000000000 ProcessHeap: 000000f06e9b0000 ProcessParameters: 000000f06e9b11e0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\taskmgr.exe' ImageFile: 'C:\WINDOWS\system32\taskmgr.exe' CommandLine: '"C:\WINDOWS\system32\taskmgr.exe" /4' DllPath: '< Name not readable >' Environment: 000000f06e9b0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8003db4740 Cid 0ca0.03e0 Teb: 000007f770b7d000 Win32Thread: fffff90104094830 RUNNING on processor 0 Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A 
Wait Start TickCount 15741128 Ticks: 0 Context Switch Count 31359 IdealProcessor: 0 UserTime 00:00:09.859 KernelTime 00:00:07.394 Win32 Start Address taskmgr!wWinMainCRTStartup (0x000007f770e68688) Stack Init fffff88015925dd0 Current fffff88015925800 Base fffff88015926000 Limit fffff88015920000 Call 0 Priority 13 BasePriority 9 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80039dfb00 Cid 0ca0.0564 Teb: 000007f770b7b000 Win32Thread: fffff90103f44710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003665fe0 SynchronizationEvent fffffa8002cc1d30 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699020 Ticks: 42108 (0:00:10:56.889) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msvcrt!endthreadex (0x000007fef7845e10) Stack Init fffff880155d5dd0 Current fffff880155d5180 Base fffff880155d6000 Limit fffff880155d0000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8003253b00 Cid 0ca0.0d64 Teb: 000007f770b79000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa800307aca0 NotificationEvent fffffa80036357a0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 653 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff880159dadd0 Current fffff880159da180 Base fffff880159db000 Limit fffff880159d5000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003b45b00 Cid 0ca0.0824 Teb: 000007f770b77000 Win32Thread: fffff90103f5cb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003612250 NotificationEvent fffffa8002cb6890 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2818 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.124 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff8801595ddd0 Current fffff8801595d180 Base fffff8801595e000 Limit fffff88015958000 Call 0 Priority 13 BasePriority 10 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80018eab00 Cid 0ca0.0888 Teb: 000007f770b75000 Win32Thread: fffff90103ff8b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c81ca0 NotificationEvent fffffa80036767a0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 4747 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start 
Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff8801594fdd0 Current fffff8801594f180 Base fffff88015950000 Limit fffff8801594a000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80033f63c0 Cid 0ca0.0e28 Teb: 000007f770b73000 Win32Thread: fffff901006bb710 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040844b0 NotificationEvent fffffa8002e58710 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699023 Ticks: 42105 (0:00:10:56.842) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff880159ccdd0 Current fffff880159cc180 Base fffff880159cd000 Limit fffff880159c7000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001f075c0 Cid 0ca0.06d4 Teb: 000007f770a4c000 Win32Thread: fffff901040b5b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002d94de0 NotificationEvent fffffa800371fc70 SynchronizationEvent fffffa8002d704f0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 19727 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.078 Win32 Start Address taskmgr!TmTraceControl::IncrementThread (0x000007f770df1fc4) Stack Init fffff880159efdd0 Current fffff880159ef180 Base fffff880159f0000 Limit fffff880159ea000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003f23b00 Cid 0ca0.0db8 Teb: 000007f770a4a000 Win32Thread: fffff90103fa5610 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036d1420 NotificationEvent fffffa80036c8cb0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741106 Ticks: 22 (0:00:00:00.343) Context Switch Count 811 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!CRUMAPIHelper::SrumThread (0x000007f770e0db10) Stack Init fffff88015e0ddd0 Current fffff88015e0d180 Base fffff88015e0e000 Limit fffff88015e08000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa800404a080 Cid 0ca0.0c88 Teb: 000007f770a48000 Win32Thread: fffff901006b9710 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c95500 NotificationEvent fffffa8003f37990 SynchronizationEvent fffffa800409e6c0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699025 Ticks: 42103 (0:00:10:56.811) Context Switch Count 7 
IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff88015e22dd0 Current fffff88015e22180 Base fffff88015e23000 Limit fffff88015e1d000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001de0b00 Cid 0ca0.0c84 Teb: 000007f770a46000 Win32Thread: fffff9010065f010 WAIT: (UserRequest) UserMode Non-Alertable fffffa800372dc50 NotificationEvent fffffa80041961c0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2887 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init fffff88015e29dd0 Current fffff88015e29180 Base fffff88015e2a000 Limit fffff88015e24000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80039d3b00 Cid 0ca0.07e4 Teb: 000007f770a44000 Win32Thread: fffff901040e2530 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002067370 SynchronizationEvent fffffa8003f46e10 NotificationEvent fffffa800205cce0 SynchronizationEvent fffffa8003826490 SynchronizationEvent fffffa8003ee0dc0 SynchronizationEvent fffffa80030959b8 NotificationEvent fffffa800362fd18 NotificationEvent IRP List: fffffa800211ac10: (0006,03e8) Flags: 00060000 Mdl: 00000000 fffffa800198a360: (0006,03e8) Flags: 00060000 Mdl: 00000000 Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15699048 Ticks: 42080 (0:00:10:56.452) Context Switch Count 40 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcDataMonitor::UpdateThread (0x000007f770dfdf1c) Stack Init 
fffff88015e3edd0 Current fffff88015e3e180 Base fffff88015e3f000 Limit fffff88015e39000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002d01200 Cid 0ca0.0a9c Teb: 000007f770a42000 Win32Thread: fffff901040f7b90 WAIT: (WrQueue) UserMode Alertable fffffa8001e75ec0 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15740913 Ticks: 215 (0:00:00:03.354) Context Switch Count 565 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015e4cdd0 Current fffff88015e4c760 Base fffff88015e4d000 Limit fffff88015e47000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80040036c0 Cid 0ca0.0244 Teb: 000007f770a3c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80021566a0 SynchronizationEvent fffffa8002cd3ce0 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15739266 Ticks: 1862 (0:00:00:29.047) Context Switch Count 1896 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcServiceCache::s_InformClientsThread (0x000007f770e07be4) Stack Init fffff88015f10dd0 Current fffff88015f10180 Base fffff88015f11000 Limit fffff88015f0b000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8002198b00 Cid 0ca0.0aa4 Teb: 000007f770a36000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003798d80 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15715946 Ticks: 25182 
(0:00:06:32.841) Context Switch Count 3 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880160eddd0 Current fffff880160ed760 Base fffff880160ee000 Limit fffff880160e8000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001f3b080 Cid 0ca0.0d2c Teb: 000007f770a4e000 Win32Thread: fffff90103f2ab90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040e0220 SynchronizationEvent fffffa8003da2630 SynchronizationEvent Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2113 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address taskmgr!WdcProcessMonitor::HangDetectionThread (0x000007f770e01354) Stack Init fffff88016222dd0 Current fffff88016222180 Base fffff88016223000 Limit fffff8801621d000 Call 0 Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa8003bbdb00 Cid 0ca0.0ae8 Teb: 000007f770a3a000 Win32Thread: fffff90103f6e530 WAIT: (WrQueue) UserMode Alertable fffffa8001e75ec0 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 7261 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150c3dd0 Current fffff880150c3760 Base fffff880150c4000 Limit fffff880150be000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e74b00 Cid 0ca0.0c34 Teb: 000007f770a34000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003e58460 
SynchronizationTimer Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15740965 Ticks: 163 (0:00:00:02.542) Context Switch Count 10 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff880173bedd0 Current fffff880173be0f0 Base fffff880173bf000 Limit fffff880173b9000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 THREAD fffffa80020b5900 Cid 0ca0.0154 Teb: 000007f770a40000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001e75ec0 QueueObject Not impersonating DeviceMap fffff8a007e2e6a0 Owning Process fffffa8002d74180 Image: Taskmgr.exe Attached Process N/A Image: N/A Wait Start TickCount 15740913 Ticks: 215 (0:00:00:03.354) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88014e29dd0 Current fffff88014e29760 Base fffff88014e2a000 Limit fffff88014e24000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8001e0f740 SessionId: 2 Cid: 0d7c Peb: 7f65412f000 ParentCid: 0c78 DirBase: 0e165000 ObjectTable: fffff8a00055ff00 HandleCount: Image: notepad.exe VadRoot fffffa80038c6d30 Vads 55 Clone 0 Private 228. Modified 4. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a0018dc8c0 ElapsedTime 00:05:13.216 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 191120 QuotaPoolUsage[NonPagedPool] 6912 Working Set Sizes (now,min,max) (1311, 50, 345) (5244KB, 200KB, 1380KB) PeakWorkingSetSize 1311 VirtualSize 93 Mb PeakVirtualSize 97 Mb PageFaultCount 1348 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 315 Job fffffa8003e3ea30 Setting context for this process... 
.process /p /r fffffa8001e0f740 !peb PEB at 000007f65412f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f654c30000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000554ff41a10 . 000000554ff48cb0 Ldr.InLoadOrderModuleList: 000000554ff41b70 . 000000554ff48c90 Ldr.InMemoryOrderModuleList: 000000554ff41b80 . 000000554ff48ca0 Base TimeStamp Module 7f654c30000 501099bc Jul 26 02:13:32 2012 C:\WINDOWS\system32\notepad.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7a20000 50108ed8 Jul 26 01:27:04 2012 C:\WINDOWS\system32\COMDLG32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7feeb5f0000 501081fa Jul 26 00:32:10 2012 C:\WINDOWS\system32\WINSPOOL.DRV 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\COMCTL32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\system32\SHCORE.DLL 7fef54c0000 501088ce Jul 26 01:01:18 2012 
C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\system32\dwmapi.dll SubSystemData: 0000000000000000 ProcessHeap: 000000554ff40000 ProcessParameters: 000000554ff411e0 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\notepad.exe' ImageFile: 'C:\WINDOWS\system32\notepad.exe' CommandLine: '"C:\WINDOWS\system32\notepad.exe" ' DllPath: '< Name not readable >' Environment: 000000554ff40860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8001ec4b00 Cid 
0d7c.0bc4 Teb: 000007f65412d000 Win32Thread: fffff90104165010 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8003808f20 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8001e0f740 Image: notepad.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 2411 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address notepad!WinMainCRTStartup (0x000007f654c35a40) Stack Init fffff88015856dd0 Current fffff880158565f0 Base fffff88015857000 Limit fffff88015851000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5 PROCESS fffffa8001d54580 SessionId: 0 Cid: 0f98 Peb: 7f76acaa000 ParentCid: 0220 DirBase: 18acb000 ObjectTable: fffff8a0022e3980 HandleCount: Image: msiexec.exe VadRoot fffffa8003b87d70 Vads 148 Clone 0 Private 861. Modified 257. Locked 0. DeviceMap fffff8a00000c340 Token fffff8a002c74930 ElapsedTime 00:03:36.886 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 111448 QuotaPoolUsage[NonPagedPool] 18944 Working Set Sizes (now,min,max) (2268, 50, 345) (9072KB, 200KB, 1380KB) PeakWorkingSetSize 2278 VirtualSize 208 Mb PeakVirtualSize 209 Mb PageFaultCount 2621 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 3725 Setting context for this process... .process /p /r fffffa8001d54580 !peb PEB at 000007f76acaa000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f76b130000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000552fa91980 . 000000552fad23f0 Ldr.InLoadOrderModuleList: 000000552fa91ae0 . 000000552fad23d0 Ldr.InMemoryOrderModuleList: 000000552fa91af0 . 
000000552fad23e0 Base TimeStamp Module 7f76b130000 5010a4a3 Jul 26 03:00:03 2012 C:\WINDOWS\system32\msiexec.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7feeef40000 505ab1f8 Sep 20 07:04:40 2012 C:\WINDOWS\system32\apphelp.dll 7feee3b0000 505aa251 Sep 20 05:57:53 2012 C:\WINDOWS\AppPatch\AppPatch64\AcLayers.DLL 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7feebf20000 5010ac3d Jul 26 03:32:29 2012 C:\WINDOWS\system32\sfc.dll 7feeb5f0000 501081fa Jul 26 00:32:10 2012 C:\WINDOWS\system32\WINSPOOL.DRV 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7feeef30000 5010a9de Jul 26 03:22:22 2012 C:\WINDOWS\system32\sfc_os.DLL 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\COMCTL32.DLL 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feee290000 505a9411 Sep 20 04:57:05 2012 
C:\WINDOWS\system32\AppxDeploymentServer.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef4d00000 5010a79e Jul 26 03:12:46 2012 C:\WINDOWS\system32\WTSAPI32.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7feeefe0000 5010aad8 Jul 26 03:26:32 2012 C:\WINDOWS\system32\ESENT.dll 7fef3690000 50108798 Jul 26 00:56:08 2012 C:\WINDOWS\system32\tdh.dll 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\USERENV.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 C:\WINDOWS\system32\VERSION.dll 7fef3a50000 50108995 Jul 26 01:04:37 2012 C:\WINDOWS\system32\wevtapi.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\Bcrypt.dll SubSystemData: 0000000000000000 ProcessHeap: 000000552fa90000 ProcessParameters: 000000552fa91170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\msiexec.exe' ImageFile: 'C:\WINDOWS\system32\msiexec.exe' CommandLine: 'C:\WINDOWS\system32\msiexec.exe /V' DllPath: '< Name not readable >' Environment: 000000552fa90860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ 
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa8004165b00 Cid 0f98.0790 Teb: 000007f76acae000 Win32Thread: fffff901006a7570 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003f2c290 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727297 Ticks: 13831 (0:00:03:35.764) Context Switch Count 56 IdealProcessor: 0 UserTime 00:00:00.031 KernelTime 00:00:00.046 Win32 Start Address msiexec!WinMainCRTStartup (0x000007f76b145308) Stack Init fffff88016559dd0 Current fffff88016559900 Base fffff8801655a000 Limit fffff88016554000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8002ca9700 Cid 0f98.0f80 Teb: 000007f76acac000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b9ea00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15739266 Ticks: 1862 (0:00:00:29.047) Context Switch Count 589 IdealProcessor: 0 UserTime 00:00:00.156 KernelTime 00:00:00.062 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88016589dd0 Current fffff88016589760 Base fffff8801658a000 Limit fffff88016584000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80020ffb00 Cid 0f98.0bc8 Teb: 000007f76aca4000 Win32Thread: fffff90100699b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002d1f5a0 NotificationTimer fffffa800364f950 NotificationEvent fffffa8001e374f0 SynchronizationEvent fffffa80037ce180 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727303 Ticks: 13825 (0:00:03:35.671) Context Switch Count 48 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address msiexec!ServiceThreadMain (0x000007f76b13b560) Stack Init fffff880165c2dd0 Current fffff880165c2180 Base fffff880165c3000 Limit fffff880165bd000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80018f13c0 Cid 0f98.0074 Teb: 000007f76ab7e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001dc54d0 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727582 Ticks: 13546 (0:00:03:31.318) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880165d8dd0 Current fffff880165d8900 Base fffff880165d9000 Limit fffff880165d3000 Call 0 Priority 9 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002e8ab00 Cid 0f98.0f38 Teb: 000007f76ab7c000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002f03060 SynchronizationEvent fffffa8002d50810 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727322 Ticks: 13806 (0:00:03:35.374) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ESENT!UtilThreadIThreadBase (0x000007feef04ad20) Stack Init fffff880165e6dd0 Current fffff880165e6180 Base fffff880165e7000 Limit fffff880165e1000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80020915c0 Cid 0f98.0f7c Teb: 000007f76ab78000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa800181af80 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15727325 Ticks: 13803 (0:00:03:35.328) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880165dfdd0 Current fffff880165df760 Base fffff880165e0000 Limit fffff880165da000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003bdab00 Cid 0f98.02fc Teb: 000007f76aca8000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003b9ea00 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8001d54580 Image: msiexec.exe Attached Process N/A Image: N/A Wait Start TickCount 15739266 Ticks: 1862 (0:00:00:29.047) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015022dd0 Current fffff88015022760 Base fffff88015023000 Limit fffff8801501d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa80033bb940 SessionId: 2 Cid: 0a50 Peb: 7f71da5f000 ParentCid: 0d68 DirBase: 1348e000 ObjectTable: fffff8a00303f300 HandleCount: Image: mspaint.exe VadRoot fffffa8002778510 Vads 382 Clone 0 Private 1917. Modified 4. Locked 0. 
DeviceMap fffff8a000290b20 Token fffff8a001e5f3d0 ElapsedTime 00:03:23.857 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 246176 QuotaPoolUsage[NonPagedPool] 48832 Working Set Sizes (now,min,max) (4508, 50, 345) (18032KB, 200KB, 1380KB) PeakWorkingSetSize 4593 VirtualSize 129 Mb PeakVirtualSize 133 Mb PageFaultCount 6008 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 2145 Setting context for this process... .process /p /r fffffa80033bb940 !peb PEB at 000007f71da5f000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f71e310000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000058e27c1a90 . 00000058e27e8610 Ldr.InLoadOrderModuleList: 00000058e27c1bf0 . 00000058e27e85f0 Ldr.InMemoryOrderModuleList: 00000058e27c1c00 . 00000058e27e8600 Base TimeStamp Module 7f71e310000 501095b7 Jul 26 01:56:23 2012 C:\WINDOWS\system32\mspaint.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7feee130000 5010908a Jul 26 01:34:18 2012 C:\WINDOWS\system32\MFC42u.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7a20000 50108ed8 Jul 26 01:27:04 2012 C:\WINDOWS\system32\COMDLG32.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 
C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\COMCTL32.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef0cb0000 505a95dd Sep 20 05:04:45 2012 C:\WINDOWS\system32\PROPSYS.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef1070000 501086a8 Jul 26 00:52:08 2012 C:\WINDOWS\system32\WINMM.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7feee070000 50109fd3 Jul 26 02:39:31 2012 C:\WINDOWS\system32\ODBC32.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7feedb10000 50108764 Jul 26 00:55:16 2012 C:\WINDOWS\system32\WINMMBASE.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\system32\SHCORE.DLL 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7fef6380000 50108728 Jul 26 00:54:16 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16384_none_72771d4ecc1c3a4d\gdiplus.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fee5b70000 5010891b Jul 26 01:02:35 2012 C:\WINDOWS\system32\MSFTEDIT.DLL 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fee30c0000 5010908d Jul 26 01:34:21 2012 C:\WINDOWS\system32\UIRibbon.dll 7fef2e90000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\XmlLite.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7feec320000 5010a159 Jul 26 02:46:01 2012 C:\Windows\System32\sti.dll 7fef0f20000 5010a9dd Jul 26 03:22:21 2012 C:\WINDOWS\system32\wiatrace.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\system32\dwmapi.dll 7fee5790000 
5010ac85 Jul 26 03:33:41 2012 C:\WINDOWS\system32\UIRibbonRes.dll 7fef1980000 505a9949 Sep 20 05:19:21 2012 C:\WINDOWS\system32\windowscodecs.dll 7fef26f0000 5010877b Jul 26 00:55:39 2012 C:\Windows\System32\oleacc.dll SubSystemData: 0000000000000000 ProcessHeap: 00000058e27c0000 ProcessParameters: 00000058e27c1210 CurrentDirectory: 'C:\WINDOWS\System32\' WindowTitle: 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk' ImageFile: 'C:\WINDOWS\system32\mspaint.exe' CommandLine: '"C:\WINDOWS\system32\mspaint.exe" ' DllPath: '< Name not readable >' Environment: 00000058e27c0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Temp TMP=C:\Users\Dmitry\AppData\Local\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8003e87b00 Cid 0a50.0e50 Teb: 000007f71da5d000 Win32Thread: fffff9010419c7a0 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa8002cfe830 
SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 6061 IdealProcessor: 0 UserTime 00:00:01.154 KernelTime 00:00:00.639 Win32 Start Address mspaint!wWinMainCRTStartup (0x000007f71e33df00) Stack Init fffff88016318dd0 Current fffff880163185f0 Base fffff88016319000 Limit fffff88016313000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80027dfb00 Cid 0a50.0d20 Teb: 000007f71da5b000 Win32Thread: fffff90104195010 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040dcd70 NotificationEvent fffffa8003feb710 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15728106 Ticks: 13022 (0:00:03:23.144) Context Switch Count 35 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address gdiplus!DllRefCountSafeThreadThunk (0x000007fef6381b90) Stack Init fffff880170e6dd0 Current fffff880170e6180 Base fffff880170e7000 Limit fffff880170e1000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80039dab00 Cid 0a50.09a4 Teb: 000007f71da59000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80020b7780 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15737974 Ticks: 3154 (0:00:00:49.202) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880170fbdd0 Current fffff880170fb760 Base fffff880170fc000 Limit fffff880170f6000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa800201e080 Cid 0a50.0384 Teb: 000007f71da55000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8003669320 SynchronizationEvent fffffa8001cbd2e0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15739900 Ticks: 1228 (0:00:00:19.156) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88017141dd0 Current fffff88017141180 Base fffff88017142000 Limit fffff8801713c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8002d30600 Cid 0a50.0020 Teb: 000007f71da53000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001972e90 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15728204 Ticks: 12924 (0:00:03:21.615) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address sti!WiaEventReceiver::EventThreadProc (0x000007feec322860) Stack Init fffff880172f9dd0 
Current fffff880172f9900 Base fffff880172fa000 Limit fffff880172f4000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001c25900 Cid 0a50.0b88 Teb: 000007f71da57000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80020b7780 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa80033bb940 Image: mspaint.exe Attached Process N/A Image: N/A Wait Start TickCount 15737974 Ticks: 3154 (0:00:00:49.202) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880150e6dd0 Current fffff880150e6760 Base fffff880150e7000 Limit fffff880150e1000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa80030a6540 SessionId: 0 Cid: 02e4 Peb: 7f6fad17000 ParentCid: 0220 DirBase: 1708f000 ObjectTable: fffff8a0085c6f00 HandleCount: Image: svchost.exe VadRoot fffffa80036344d0 Vads 71 Clone 0 Private 291. Modified 0. Locked 0. DeviceMap fffff8a002487200 Token fffff8a0022f9060 ElapsedTime 00:03:22.172 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 74592 QuotaPoolUsage[NonPagedPool] 9152 Working Set Sizes (now,min,max) (1365, 50, 345) (5460KB, 200KB, 1380KB) PeakWorkingSetSize 1375 VirtualSize 36 Mb PeakVirtualSize 37 Mb PageFaultCount 1459 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 384 Setting context for this process... .process /p /r fffffa80030a6540 !peb PEB at 000007f6fad17000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6fb7a0000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000114c231a20 . 000000114c271dd0 Ldr.InLoadOrderModuleList: 000000114c231b80 . 000000114c271db0 Ldr.InMemoryOrderModuleList: 000000114c231b90 . 
000000114c271dc0 Base TimeStamp Module 7f6fb7a0000 505a9a4e Sep 20 05:23:42 2012 C:\WINDOWS\system32\svchost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7feedfe0000 501094f4 Jul 26 01:53:08 2012 c:\windows\system32\wiaservc.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef0ca0000 5010a95b Jul 26 03:20:11 2012 c:\windows\system32\VERSION.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\system32\combase.dll 7fef0f20000 5010a9dd Jul 26 03:22:21 2012 C:\WINDOWS\system32\wiatrace.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\sspicli.dll 7fef45e0000 5010893a Jul 26 01:03:06 2012 C:\WINDOWS\system32\msv1_0.DLL 7fef4790000 50108a04 Jul 26 01:06:28 2012 C:\WINDOWS\system32\cryptdll.dll 7fef4d90000 501089e8 Jul 26 01:06:00 2012 C:\WINDOWS\SYSTEM32\powrprof.dll 7fef52e0000 50108a89 Jul 26 01:08:41 2012 C:\WINDOWS\system32\cfgmgr32.dll 7fef5e40000 501080fc Jul 26 00:27:56 2012 C:\WINDOWS\system32\SETUPAPI.dll 7fef50d0000 5010898b Jul 26 01:04:27 2012 C:\WINDOWS\system32\DEVOBJ.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef46a0000 50108ad9 Jul 
26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 7feec320000 5010a159 Jul 26 02:46:01 2012 C:\Windows\System32\sti.dll 7fef2760000 501084f0 Jul 26 00:44:48 2012 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll SubSystemData: 0000000000000000 ProcessHeap: 000000114c230000 ProcessParameters: 000000114c231200 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\svchost.exe' ImageFile: 'C:\WINDOWS\system32\svchost.exe' CommandLine: 'C:\WINDOWS\system32\svchost.exe -k imgsvc' DllPath: '< Name not readable >' Environment: 000000114c230860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\Windows\ServiceProfiles\LocalService\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp 
TMP=C:\Windows\SERVIC~2\LOCALS~1\AppData\Local\Temp USERDOMAIN=NT AUTHORITY USERNAME=LOCAL SERVICE USERPROFILE=C:\Windows\ServiceProfiles\LocalService windir=C:\WINDOWS THREAD fffffa80031ffb00 Cid 02e4.00ac Teb: 000007f6fad1e000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8003835f10 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728189 Ticks: 12939 (0:00:03:21.849) Context Switch Count 12 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address svchost!wmainCRTStartup (0x000007f6fb7a26c0) Stack Init fffff880171e0dd0 Current fffff880171e0900 Base fffff880171e1000 Limit fffff880171db000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002064680 Cid 02e4.0ed8 Teb: 000007f6fad1a000 Win32Thread: fffff901006c1710 WAIT: (WrQueue) UserMode Alertable fffffa80033a6d80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728204 Ticks: 12924 (0:00:03:21.615) Context Switch Count 37 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017256dd0 Current fffff88017256760 Base fffff88017257000 Limit fffff88017251000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001c38b00 Cid 02e4.0040 Teb: 000007f6fad18000 Win32Thread: fffff901006f8b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001d729f0 NotificationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728195 Ticks: 12933 (0:00:03:21.756) Context Switch Count 73 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address sechost!ScSvcctrlThreadW (0x000007fef55d4aa0) Stack Init fffff8801725ddd0 Current fffff8801725d900 Base fffff8801725e000 Limit fffff88017258000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8001d5a700 Cid 02e4.03a8 Teb: 000007f6fad15000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001c341f0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728188 Ticks: 12940 (0:00:03:21.865) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wiaservc!SchedulerThread (0x000007feee027388) Stack Init fffff88017288dd0 Current fffff880172880f0 Base fffff88017289000 Limit fffff88017283000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa8001d17b00 Cid 02e4.0b50 Teb: 000007f6fad13000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa80040bc950 SynchronizationEvent fffffa8002dd08d0 SynchronizationEvent Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15728190 Ticks: 12938 (0:00:03:21.834) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wiaservc!SCMControlHandler::ControlThread (0x000007feee01de04) Stack Init fffff88017275dd0 Current fffff88017275180 Base fffff88017276000 Limit fffff88017270000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa80037da740 Cid 02e4.0158 Teb: 000007f6fabea000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80033a6d80 QueueObject Not impersonating DeviceMap fffff8a002487200 Owning Process fffffa80030a6540 Image: svchost.exe Attached Process N/A Image: N/A Wait Start TickCount 15737974 Ticks: 3154 (0:00:00:49.202) Context Switch Count 7 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017311dd0 Current fffff88017311760 Base fffff88017312000 Limit fffff8801730c000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 PROCESS fffffa8002d6c540 SessionId: 0 Cid: 0e80 Peb: 7f7d3e2e000 ParentCid: 0288 DirBase: 50bb1000 ObjectTable: fffff8a0008fc200 HandleCount: Image: WmiPrvSE.exe VadRoot fffffa80027e5d20 Vads 66 Clone 0 Private 315. Modified 0. Locked 0. 
DeviceMap fffff8a00000c340 Token fffff8a000856060 ElapsedTime 00:03:18.631 UserTime 00:00:00.046 KernelTime 00:00:00.031 QuotaPoolUsage[PagedPool] 58280 QuotaPoolUsage[NonPagedPool] 10032 Working Set Sizes (now,min,max) (1297, 50, 345) (5188KB, 200KB, 1380KB) PeakWorkingSetSize 1328 VirtualSize 30 Mb PeakVirtualSize 36 Mb PageFaultCount 1482 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 436 Job fffffa8003dc8160 Setting context for this process... .process /p /r fffffa8002d6c540 !peb PEB at 000007f7d3e2e000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f7d4780000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 000000d7707419e0 . 000000d77074bf80 Ldr.InLoadOrderModuleList: 000000d770741b40 . 000000d77074bf60 Ldr.InMemoryOrderModuleList: 000000d770741b50 . 000000d77074bf70 Base TimeStamp Module 7f7d4780000 5010ad15 Jul 26 03:36:05 2012 C:\WINDOWS\system32\wbem\wmiprvse.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7feebc60000 501087eb Jul 26 00:57:31 2012 C:\WINDOWS\system32\wbem\FastProx.dll 7feed240000 501089b7 Jul 26 01:05:11 2012 C:\WINDOWS\SYSTEM32\NCObjAPI.DLL 7feeeae0000 5010880b Jul 26 00:58:03 2012 C:\WINDOWS\SYSTEM32\wbemcomn.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\SYSTEM32\advapi32.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 
C:\WINDOWS\SYSTEM32\user32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll 7fef5620000 501081c1 Jul 26 00:31:13 2012 C:\WINDOWS\SYSTEM32\clbcatq.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7feec140000 501087d9 Jul 26 00:57:13 2012 C:\WINDOWS\system32\wbem\wbemprox.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\SYSTEM32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef1f50000 501089e9 Jul 26 01:06:01 2012 C:\WINDOWS\system32\wbem\wbemsvc.dll 7fef1ed0000 501087f4 Jul 26 00:57:40 2012 C:\WINDOWS\system32\wbem\wmiutils.dll 7feea450000 5010879f Jul 26 00:56:15 2012 C:\WINDOWS\system32\wbem\wmiprov.dll 7fef07c0000 50108af1 Jul 26 01:10:25 2012 C:\WINDOWS\SYSTEM32\WMICLNT.dll SubSystemData: 0000000000000000 ProcessHeap: 000000d770740000 ProcessParameters: 000000d770741170 CurrentDirectory: 'C:\WINDOWS\system32\' WindowTitle: 'C:\WINDOWS\system32\wbem\wmiprvse.exe' ImageFile: 'C:\WINDOWS\system32\wbem\wmiprvse.exe' CommandLine: 'C:\WINDOWS\system32\wbem\wmiprvse.exe' DllPath: '< Name not readable >' Environment: 000000d770740860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO LOCALAPPDATA=C:\WINDOWS\system32\config\systemprofile\AppData\Local NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 
11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\WINDOWS\TEMP TMP=C:\WINDOWS\TEMP USERDOMAIN=WORKGROUP USERNAME=MACAIR1$ USERPROFILE=C:\WINDOWS\system32\config\systemprofile windir=C:\WINDOWS THREAD fffffa80037dfb00 Cid 0e80.0ccc Teb: 000007f7d3e2c000 Win32Thread: fffff90100659710 WAIT: (WrUserRequest) UserMode Non-Alertable fffffa80036474e0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728397 Ticks: 12731 (0:00:03:18.604) Context Switch Count 39 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address wmiprvse!WinMainCRTStartup (0x000007f7d478b3fc) Stack Init fffff880173f0dd0 Current fffff880173f05f0 Base fffff880173f1000 Limit fffff880173eb000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8002c9d800 Cid 0e80.083c Teb: 000007f7d3e2a000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d9e580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728564 Ticks: 12564 (0:00:03:15.999) Context Switch Count 6 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88017422dd0 Current fffff88017422760 Base fffff88017423000 Limit fffff8801741d000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. 
THREAD fffffa80041a8840 Cid 0e80.0ce8 Teb: 000007f7d3e28000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001dce240 NotificationEvent fffffa8003fe9850 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728396 Ticks: 12732 (0:00:03:18.620) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address NCObjAPI!CNamedPipeClient::ProviderReadyThreadProc (0x000007feed241470) Stack Init fffff880173d4dd0 Current fffff880173d4180 Base fffff880173d5000 Limit fffff880173cf000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. THREAD fffffa8003b59080 Cid 0e80.04d0 Teb: 000007f7d3e26000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d9e580 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15738078 Ticks: 3050 (0:00:00:47.580) Context Switch Count 40 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880173f7dd0 Current fffff880173f7760 Base fffff880173f8000 Limit fffff880173f2000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa8001e03080 Cid 0e80.0c5c Teb: 000007f7d3cfe000 Win32Thread: fffff90100691290 WAIT: (UserRequest) UserMode Alertable fffffa8002db0b20 SynchronizationEvent fffffa8002db0aa0 SynchronizationEvent fffffa8003050aa0 SynchronizationEvent fffffa8003050a20 SynchronizationEvent fffffa800388d290 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15736090 Ticks: 5038 (0:00:01:18.593) Context Switch 
Count 2 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address wmiprvse!WmiThread::ThreadProc (0x000007f7d4781850) Stack Init fffff88017414dd0 Current fffff88017414180 Base fffff88017415000 Limit fffff8801740f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 THREAD fffffa80040db980 Cid 0e80.0cb0 Teb: 000007f7d3cfa000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8003d9e580 QueueObject IRP List: fffffa8001d67830: (0006,0598) Flags: 00060070 Mdl: 00000000 Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa8002d6c540 Image: WmiPrvSE.exe Attached Process N/A Image: N/A Wait Start TickCount 15728564 Ticks: 12564 (0:00:03:15.999) Context Switch Count 4 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8801744edd0 Current fffff8801744e760 Base fffff8801744f000 Limit fffff88017449000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Kernel stack not resident. PROCESS fffffa8004145940 SessionId: 2 Cid: 0814 Peb: 7f6abd6d000 ParentCid: 0288 DirBase: 4cdd6000 ObjectTable: fffff8a006b08680 HandleCount: Image: BackgroundTransferHost.exe VadRoot fffffa8001f792b0 Vads 116 Clone 0 Private 650. Modified 2. Locked 0. DeviceMap fffff8a000290b20 Token fffff8a002dae5d0 ElapsedTime 00:01:17.728 UserTime 00:00:00.000 KernelTime 00:00:00.000 QuotaPoolUsage[PagedPool] 221184 QuotaPoolUsage[NonPagedPool] 21392 Working Set Sizes (now,min,max) (2770, 50, 345) (11080KB, 200KB, 1380KB) PeakWorkingSetSize 2893 VirtualSize 101 Mb PeakVirtualSize 103 Mb PageFaultCount 3052 MemoryPriority BACKGROUND BasePriority 8 CommitCharge 781 Job fffffa80033be260 Setting context for this process... 
.process /p /r fffffa8004145940 !peb PEB at 000007f6abd6d000 InheritedAddressSpace: No ReadImageFileExecOptions: No BeingDebugged: No ImageBaseAddress: 000007f6acc30000 Ldr 000007fef7ff88a0 Ldr.Initialized: Yes Ldr.InInitializationOrderModuleList: 00000034ca0b1d70 . 00000034ca0faf70 Ldr.InLoadOrderModuleList: 00000034ca0b1ed0 . 00000034ca0faf50 Ldr.InMemoryOrderModuleList: 00000034ca0b1ee0 . 00000034ca0faf60 Base TimeStamp Module 7f6acc30000 5010a67f Jul 26 03:07:59 2012 C:\WINDOWS\system32\BackgroundTransferHost.exe 7fef7ec0000 505ab405 Sep 20 07:13:25 2012 C:\WINDOWS\SYSTEM32\ntdll.dll 7fef6010000 5010a83a Jul 26 03:15:22 2012 C:\WINDOWS\system32\KERNEL32.DLL 7fef4fd0000 5010ab2d Jul 26 03:27:57 2012 C:\WINDOWS\system32\KERNELBASE.dll 7fef78d0000 5010a732 Jul 26 03:10:58 2012 C:\WINDOWS\system32\ADVAPI32.dll 7fef7820000 5010ac20 Jul 26 03:32:00 2012 C:\WINDOWS\system32\msvcrt.dll 7fef7b30000 505a9af2 Sep 20 05:26:26 2012 C:\WINDOWS\SYSTEM32\combase.dll 7fef55d0000 50108a41 Jul 26 01:07:29 2012 C:\WINDOWS\SYSTEM32\sechost.dll 7fef5be0000 50108bb9 Jul 26 01:13:45 2012 C:\WINDOWS\system32\RPCRT4.dll 7fef4c30000 5010ab50 Jul 26 03:28:32 2012 C:\WINDOWS\system32\CRYPTBASE.dll 7fef4bd0000 50108a4c Jul 26 01:07:40 2012 C:\WINDOWS\system32\bcryptPrimitives.dll 7fee8a40000 505a9555 Sep 20 05:02:29 2012 C:\Windows\System32\twinapi.dll 7fef56c0000 505a9a92 Sep 20 05:24:50 2012 C:\WINDOWS\system32\USER32.dll 7fef5810000 50108b7f Jul 26 01:12:47 2012 C:\WINDOWS\system32\GDI32.dll 7fef54c0000 501088ce Jul 26 01:01:18 2012 C:\WINDOWS\system32\IMM32.DLL 7fef5d20000 50108881 Jul 26 01:00:01 2012 C:\WINDOWS\system32\MSCTF.dll 7feead60000 505a99fd Sep 20 05:22:21 2012 C:\Windows\System32\WinTypes.dll 7fef46a0000 50108ad9 Jul 26 01:10:01 2012 C:\WINDOWS\system32\CRYPTSP.dll 7fef4320000 50108ac4 Jul 26 01:09:40 2012 C:\WINDOWS\system32\rsaenh.dll 7fef2ed0000 505a97e0 Sep 20 05:13:20 2012 C:\WINDOWS\SYSTEM32\shcore.dll 7feeb9d0000 505aafdf Sep 20 06:55:43 2012 
C:\Windows\System32\actxprxy.dll 7feecb30000 501087eb Jul 26 00:57:31 2012 C:\Windows\System32\biwinrt.dll 7fee5a10000 505a9222 Sep 20 04:48:50 2012 C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll 7fef4df0000 50108ab9 Jul 26 01:09:29 2012 C:\WINDOWS\system32\profapi.dll 7fef7d60000 505a9257 Sep 20 04:49:43 2012 C:\WINDOWS\system32\urlmon.dll 7fef5950000 505a9365 Sep 20 04:54:13 2012 C:\WINDOWS\system32\WININET.dll 7fef5340000 50108270 Jul 26 00:34:08 2012 C:\WINDOWS\system32\ole32.dll 7fef6520000 507635b5 Oct 11 03:57:57 2012 C:\WINDOWS\system32\SHELL32.dll 7fef3670000 501089ed Jul 26 01:06:05 2012 C:\WINDOWS\system32\SystemEventsBrokerClient.dll 7fef3db0000 501087ad Jul 26 00:56:29 2012 C:\WINDOWS\system32\FirewallAPI.dll 7fef7ad0000 501080dd Jul 26 00:27:25 2012 C:\WINDOWS\system32\SHLWAPI.dll 7fef6160000 505aa96c Sep 20 06:28:12 2012 C:\WINDOWS\system32\iertutil.dll 7feedf30000 50108ad5 Jul 26 01:09:57 2012 C:\WINDOWS\system32\Secur32.dll 7fef4ba0000 505a9be9 Sep 20 05:30:33 2012 C:\WINDOWS\system32\SSPICLI.DLL 7fef4420000 50108843 Jul 26 00:58:59 2012 C:\WINDOWS\system32\userenv.dll 7feeb240000 501081d7 Jul 26 00:31:35 2012 C:\WINDOWS\SYSTEM32\profext.dll 7fef5500000 50108a1d Jul 26 01:06:53 2012 C:\WINDOWS\system32\OLEAUT32.dll 7fef3c80000 505a9614 Sep 20 05:05:40 2012 C:\WINDOWS\system32\uxtheme.dll 7fef2a10000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\system32\dwmapi.dll 7fef5b80000 50108abf Jul 26 01:09:35 2012 C:\WINDOWS\system32\WS2_32.dll 7fef5330000 5010ac24 Jul 26 03:32:04 2012 C:\WINDOWS\system32\NSI.dll 7feef4d0000 501086ae Jul 26 00:52:14 2012 C:\WINDOWS\system32\winhttp.dll 7fef4640000 50108ac7 Jul 26 01:09:43 2012 C:\WINDOWS\system32\mswsock.dll 7fef0b80000 505a9be8 Sep 20 05:30:32 2012 C:\WINDOWS\system32\IPHLPAPI.DLL 7fef0b20000 50108ad1 Jul 26 01:09:53 2012 C:\WINDOWS\system32\WINNSI.DLL 7fef5100000 50108a73 Jul 26 01:08:19 2012 C:\WINDOWS\system32\CRYPT32.dll 7fef4ea0000 50108afc Jul 26 01:10:36 2012 C:\WINDOWS\system32\MSASN1.dll 
7fef4480000 505a9be4 Sep 20 05:30:28 2012 C:\WINDOWS\system32\DNSAPI.dll 7feedb50000 50108a13 Jul 26 01:06:43 2012 C:\Windows\System32\rasadhlp.dll 7fef0a70000 50108713 Jul 26 00:53:55 2012 C:\WINDOWS\System32\fwpuclnt.dll 7fef43b0000 505a9ab9 Sep 20 05:25:29 2012 C:\WINDOWS\system32\schannel.DLL 7fef4870000 50108a53 Jul 26 01:07:47 2012 C:\WINDOWS\system32\ncrypt.dll 7fef48f0000 50108aca Jul 26 01:09:46 2012 C:\WINDOWS\system32\bcrypt.dll 7fef4830000 50108a88 Jul 26 01:08:40 2012 C:\WINDOWS\system32\NTASN1.dll 7feebf80000 50108acd Jul 26 01:09:49 2012 C:\WINDOWS\system32\ncryptsslp.dll 7fef4ec0000 505a9a1c Sep 20 05:22:52 2012 C:\WINDOWS\system32\WINTRUST.dll 7fef4050000 5010894e Jul 26 01:03:26 2012 C:\WINDOWS\SYSTEM32\gpapi.dll 7feeab50000 50108a14 Jul 26 01:06:44 2012 C:\Windows\System32\cryptnet.dll 7fef7d00000 50108a30 Jul 26 01:07:12 2012 C:\WINDOWS\system32\WLDAP32.dll 7fef16f0000 505a956d Sep 20 05:02:53 2012 C:\Windows\System32\Windows.Networking.Connectivity.dll SubSystemData: 000007fee8ad43f0 ProcessHeap: 00000034ca0b0000 ProcessParameters: 00000034ca0b1360 CurrentDirectory: 'C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\' WindowTitle: '"BackgroundTransferHost.exe"' ImageFile: 'C:\WINDOWS\system32\BackgroundTransferHost.exe' CommandLine: '"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1' DllPath: 'C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe;C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.50712.1_x64__8wekyb3d8bbwe;C:\Program Files\WindowsApps\Microsoft.WinJS.1.0_1.0.8514.0_neutral__8wekyb3d8bbwe' Environment: 00000034ca0b0860 ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Dmitry\AppData\Roaming CommonProgramFiles=C:\Program Files\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=MACAIR1 ComSpec=C:\WINDOWS\system32\cmd.exe 
FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Dmitry LOCALAPPDATA=C:\Users\Dmitry\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC LOGONSERVER=\\MicrosoftAccount NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0b ProgramData=C:\ProgramData ProgramFiles=C:\Program Files ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\Users\Dmitry\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp TMP=C:\Users\Dmitry\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp USERDOMAIN=MACAIR1 USERDOMAIN_ROAMINGPROFILE=MACAIR1 USERNAME=Dmitry USERPROFILE=C:\Users\Dmitry windir=C:\WINDOWS THREAD fffffa8001ca1080 Cid 0814.0af4 Teb: 000007f6abd6e000 Win32Thread: fffff901040fcb90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80036d76d0 NotificationEvent fffffa8003e46770 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740060 Ticks: 1068 (0:00:00:16.660) Context Switch Count 31 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address BackgroundTransferHost!wWinMainCRTStartup (0x000007f6acc3299c) Stack Init fffff880175d3dd0 Current fffff880175d3180 Base fffff880175d4000 Limit fffff880175ce000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa8001e0f080 Cid 0814.0d1c Teb: 000007f6abd6b000 Win32Thread: 
fffff901043b1b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa8002d15e90 SynchronizationEvent fffffa80040141e0 SynchronizationEvent fffffa800385b510 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 131 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880175e9dd0 Current fffff880175e9180 Base fffff880175ea000 Limit fffff880175e4000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa800416d5c0 Cid 0814.0e9c Teb: 000007f6abd69000 Win32Thread: fffff901040d2240 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001e6b710 SynchronizationEvent fffffa8001d344c0 SynchronizationEvent fffffa80033c5210 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736547 Ticks: 4581 (0:00:01:11.464) Context Switch Count 112 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880175f0dd0 Current fffff880175f0180 Base fffff880175f1000 Limit fffff880175eb000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa8002c8e080 Cid 0814.053c Teb: 000007f6abd67000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001e3b2a0 SynchronizationTimer Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740060 Ticks: 1068 (0:00:00:16.660) Context Switch Count 3 IdealProcessor: 0 
UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address combase!CRpcThreadCache::RpcWorkerThreadEntry (0x000007fef7b323a8) Stack Init fffff88000fbfdd0 Current fffff88000fbf0f0 Base fffff88000fc0000 Limit fffff88000fba000 Call 0 Priority 9 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa80018b8080 Cid 0814.0368 Teb: 000007f6abd65000 Win32Thread: fffff90104271b90 WAIT: (UserRequest) UserMode Non-Alertable fffffa80020af610 SynchronizationEvent fffffa8001cec150 SynchronizationEvent fffffa8001e14af0 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 47 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88000fe9dd0 Current fffff88000fe9180 Base fffff88000fea000 Limit fffff88000fe4000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa800200d800 Cid 0814.0d4c Teb: 000007f6abd63000 Win32Thread: fffff9010414f010 WAIT: (WrQueue) UserMode Alertable fffffa80021a6a40 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15740060 Ticks: 1068 (0:00:00:16.660) Context Switch Count 358 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff880172c3dd0 Current fffff880172c3760 Base fffff880172c4000 Limit fffff880172be000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa80033b8b00 Cid 0814.0850 Teb: 000007f6abc3e000 Win32Thread: 
0000000000000000 WAIT: (UserRequest) UserMode Alertable fffffa8002d4db30 NotificationEvent IRP List: fffffa80033f6950: (0006,01f0) Flags: 00020070 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 14 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address WININET!ICAsyncThread::SelectThreadWrapper (0x000007fef59cd1dc) Stack Init fffff88003c61dd0 Current fffff88003c61900 Base fffff88003c62000 Limit fffff88003c5c000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa80040ee700 Cid 0814.0938 Teb: 000007f6abc3c000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa8001f10500 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736494 Ticks: 4634 (0:00:01:12.290) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff8800317add0 Current fffff8800317a760 Base fffff8800317b000 Limit fffff88003175000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa8001e22740 Cid 0814.0f3c Teb: 000007f6abc3a000 Win32Thread: fffff901041b5010 WAIT: (UserRequest) UserMode Non-Alertable fffffa8001e416f0 SynchronizationEvent fffffa80018d06a0 SynchronizationEvent fffffa8003f53420 SynchronizationEvent Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 10 IdealProcessor: 0 UserTime 
00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003188dd0 Current fffff88003188180 Base fffff88003189000 Limit fffff88003183000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa80038a7080 Cid 0814.08d8 Teb: 000007f6abc38000 Win32Thread: fffff9010430ab90 WAIT: (WrQueue) UserMode Alertable fffffa80021a6a40 QueueObject IRP List: fffffa800266fb20: (0006,03e8) Flags: 00020000 Mdl: 00000000 fffffa800413e810: (0006,03e8) Flags: 00020000 Mdl: 00000000 Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736595 Ticks: 4533 (0:00:01:10.715) Context Switch Count 293 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.046 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88015991dd0 Current fffff88015991760 Base fffff88015992000 Limit fffff8801598c000 Call 0 Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa8003de9080 Cid 0814.0fc0 Teb: 000007f6abc34000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable fffffa80021a6a40 QueueObject Not impersonating DeviceMap fffff8a000290b20 Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe Attached Process N/A Image: N/A Wait Start TickCount 15736594 Ticks: 4534 (0:00:01:10.730) Context Switch Count 2 IdealProcessor: 0 UserTime 00:00:00.015 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000007fef7ee38c0) Stack Init fffff88003c44dd0 Current fffff88003c44760 Base fffff88003c45000 Limit fffff88003c3f000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Scheduling Group: fffffa80036ab8c0 THREAD fffffa8001ce6640 Cid 0814.03ec Teb: 000007f6abc32000 Win32Thread: 
0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
    fffffa8004000ac0 QueueObject
    Not impersonating
    DeviceMap fffff8a000290b20
    Owning Process fffffa8004145940 Image: BackgroundTransferHost.exe
    Attached Process N/A Image: N/A
    Wait Start TickCount 15736520 Ticks: 4608 (0:00:01:11.885)
    Context Switch Count 3 IdealProcessor: 0
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    Win32 Start Address mswsock!SockAsyncThread (0x000007fef4645990)
    Stack Init fffff88003c0ddd0 Current fffff88003c0d7a0
    Base fffff88003c0e000 Limit fffff88003c08000 Call 0
    Priority 11 BasePriority 9 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
    Scheduling Group: fffffa80036ab8c0

.process /p /r 0

0: kd> !process 0 1f
**** NT ACTIVE PROCESS DUMP ****
PROCESS fffffa800182e480
    SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
    DirBase: 00187000 ObjectTable: fffff8a000003000 HandleCount:
    Image: System
    VadRoot fffffa80026a92b0 Vads 16 Clone 0 Private 21. Modified 60513. Locked 64.
    DeviceMap fffff8a00000c340
    Token fffff8a0000055e0
    ElapsedTime 2 Days 20:12:15.491
    UserTime 00:00:00.000
    KernelTime 00:00:10.030
    QuotaPoolUsage[PagedPool] 0
    QuotaPoolUsage[NonPagedPool] 0
    Working Set Sizes (now,min,max) (224, 50, 450) (896KB, 200KB, 1800KB)
    PeakWorkingSetSize 1739
    VirtualSize 5 Mb
    PeakVirtualSize 12 Mb
    PageFaultCount 41953
    MemoryPriority BACKGROUND
    BasePriority 8
    CommitCharge 31
Setting context for this process...
.process /p /r fffffa800182e480 THREAD fffffa8001818040 Cid 0004.0008 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d542e0 NotificationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741108 Ticks: 20 (0:00:00:00.312) Context Switch Count 23943 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:08.502 Win32 Start Address nt!Phase1Initialization (0xfffff802b3f85f70) Stack Init fffff880009a9dd0 Current fffff880009a9970 Base fffff880009aa000 Limit fffff880009a4000 Call 0 Priority 0 BasePriority 0 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`009a99b0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`009a9af0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`009a9bb0 fffff802`b3b580b7 nt!KeWaitForSingleObject+0x1cf fffff880`009a9c40 fffff802`b3aab535 nt!MmZeroPageThread+0x2d0 fffff880`009a9d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`009a9da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800184e380 Cid 0004.000c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d1ff20 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 38 Ticks: 15741090 (2:20:12:42.577) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!PopIrpWorkerControl (0xfffff802b3bc4b30) Stack Init fffff880009d0dd0 Current fffff880009d0a40 Base fffff880009d1000 Limit fffff880009cb000 Call 0 Priority 15 BasePriority 13 UnusualBoost 2 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`009d0a80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`009d0bc0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c 
fffff880`009d0c80 fffff802`b3bc4b60 nt!KeWaitForSingleObject+0x1cf fffff880`009d0d10 fffff802`b3aab535 nt!PopIrpWorkerControl+0x30 fffff880`009d0d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`009d0da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80017f4040 Cid 0004.0010 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d20520 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739995 Ticks: 1133 (0:00:00:17.674) Context Switch Count 535 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.015 Win32 Start Address nt!PopIrpWorker (0xfffff802b3ba46d8) Stack Init fffff880009d7dd0 Current fffff880009d79d0 Base fffff880009d8000 Limit fffff880009d2000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`009d7a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`009d7b50 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`009d7c10 fffff802`b3ba4818 nt!KeWaitForSingleObject+0x1cf fffff880`009d7ca0 fffff802`b3aab535 nt!PopIrpWorker+0x140 fffff880`009d7d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`009d7da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800183a940 Cid 0004.0014 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d20520 Semaphore Limit 0x7fffffff Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740171 Ticks: 957 (0:00:00:14.929) Context Switch Count 119 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!PopIrpWorker (0xfffff802b3ba46d8) Stack Init fffff880009dedd0 Current fffff880009de9d0 Base fffff880009df000 Limit fffff880009d9000 Call 0 Priority 13 BasePriority 
13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`009dea10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`009deb50 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`009dec10 fffff802`b3ba4818 nt!KeWaitForSingleObject+0x1cf fffff880`009deca0 fffff802`b3aab535 nt!PopIrpWorker+0x140 fffff880`009ded50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`009deda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80018094c0 Cid 0004.0018 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffffa8001835788 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15679017 Ticks: 62111 (0:00:16:08.937) Context Switch Count 8 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!PopFxEmergencyWorker (0xfffff802b3bb507c) Stack Init fffff880009e5dd0 Current fffff880009e5a20 Base fffff880009e6000 Limit fffff880009e0000 Call 0 Priority 16 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`009e5a60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`009e5ba0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`009e5c60 fffff802`b3bb50b9 nt!KeRemoveQueueEx+0x26b fffff880`009e5d10 fffff802`b3aab535 nt!PopFxEmergencyWorker+0x3e fffff880`009e5d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`009e5da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001823980 Cid 0004.001c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff88000faace0 SynchronizationTimer fffff802b3d0d2f0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15718535 Ticks: 22593 (0:00:05:52.453) Context Switch Count 67 IdealProcessor: 0 
UserTime 00:00:00.000 KernelTime 00:00:00.046 Win32 Start Address nt!ExpWorkerThreadBalanceManager (0xfffff802b3e1bfe8) Stack Init fffff88000faadd0 Current fffff88000faa9a0 Base fffff88000fab000 Limit fffff88000fa5000 Call 0 Priority 15 BasePriority 12 UnusualBoost 3 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`00faa9e0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00faab20 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`00faabe0 fffff802`b3e1c0b5 nt!KeWaitForMultipleObjects+0x25d fffff880`00faac90 fffff802`b3aab535 nt!ExpWorkerThreadBalanceManager+0xcd fffff880`00faad50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`00faada0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001806a80 Cid 0004.002c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741127 Ticks: 1 (0:00:00:00.015) Context Switch Count 20016 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:00.780 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88000fc6dd0 Current fffff88000fc69d0 Base fffff88000fc7000 Limit fffff88000fc1000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`00fc6a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00fc6b50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`00fc6c10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`00fc6cc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`00fc6d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`00fc6da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001806400 Cid 0004.0030 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d0d0c0 QueueObject Not 
impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740018 Ticks: 1110 (0:00:00:17.316) Context Switch Count 30328 IdealProcessor: 0 NoStackSwap UserTime 00:00:00.000 KernelTime 00:00:01.279 Win32 Start Address nt!ExpWorkerThread (0xfffff802b3b3c450) Stack Init fffff88000fcddd0 Current fffff88000fcd9d0 Base fffff88000fce000 Limit fffff88000fc8000 Call 0 Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`00fcda10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00fcdb50 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`00fcdc10 fffff802`b3b3c543 nt!KeRemoveQueueEx+0x26b fffff880`00fcdcc0 fffff802`b3aab535 nt!ExpWorkerThread+0xf4 fffff880`00fcdd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`00fcdda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80018457c0 Cid 0004.004c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable fffff802b3d84180 Gate Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740322 Ticks: 806 (0:00:00:12.573) Context Switch Count 134 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!KiExecuteDpc (0xfffff802b3ae55d4) Stack Init fffff88000ffedd0 Current fffff88000ffe950 Base fffff88000fff000 Limit fffff88000ff9000 Call 0 Priority 31 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`00ffe990 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`00ffead0 fffff802`b3ae4d5b nt!KiCommitThreadWait+0x23c fffff880`00ffeb90 fffff802`b3ae567a nt!KeWaitForGate+0x10f fffff880`00ffebe0 fffff802`b3aab535 nt!KiExecuteDpc+0xa6 fffff880`00ffed50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`00ffeda0 00000000`00000000 
nt!KiStartSystemThread+0x16 THREAD fffffa800181c040 Cid 0004.0054 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable fffff880009eb180 Gate Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15740322 Ticks: 806 (0:00:00:12.573) Context Switch Count 135 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!KiExecuteDpc (0xfffff802b3ae55d4) Stack Init fffff88002f0fdd0 Current fffff88002f0f950 Base fffff88002f10000 Limit fffff88002f0a000 Call 0 Priority 31 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f0f990 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f0fad0 fffff802`b3ae4d5b nt!KiCommitThreadWait+0x23c fffff880`02f0fb90 fffff802`b3ae567a nt!KeWaitForGate+0x10f fffff880`02f0fbe0 fffff802`b3aab535 nt!KiExecuteDpc+0xa6 fffff880`02f0fd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f0fda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001802b00 Cid 0004.0060 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrVirtualMemory) UserMode Non-Alertable fffff802b3d53f80 NotificationEvent fffff802b3d540c0 Semaphore Limit 0x7fffffff fffff802b3d53f40 NotificationEvent fffff802b3d54020 NotificationEvent fffff802b3d527a0 NotificationEvent fffff802b3d527c0 SynchronizationEvent fffff802b3d53ee0 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15736321 Ticks: 4807 (0:00:01:14.989) Context Switch Count 1760 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.093 Win32 Start Address nt!MiDereferenceSegmentThread (0xfffff802b3ac194c) Stack Init fffff88002f24dd0 Current fffff88002f249d0 Base fffff88002f25000 Limit fffff88002f1f000 Call 0 Priority 19 BasePriority 8 UnusualBoost 0 
ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f24a10 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f24b50 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02f24c10 fffff802`b3ac1a0d nt!KeWaitForMultipleObjects+0x25d fffff880`02f24cc0 fffff802`b3aab535 nt!MiDereferenceSegmentThread+0xc1 fffff880`02f24d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f24da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa80018177c0 Cid 0004.0064 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d276a0 Gate Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15732487 Ticks: 8641 (0:00:02:14.800) Context Switch Count 866 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.093 Win32 Start Address nt!MiModifiedPageWriter (0xfffff802b3baa478) Stack Init fffff88002f2bdd0 Current fffff88002f2ba40 Base fffff88002f2c000 Limit fffff88002f26000 Call 0 Priority 18 BasePriority 18 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f2ba80 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f2bbc0 fffff802`b3ae4d5b nt!KiCommitThreadWait+0x23c fffff880`02f2bc80 fffff802`b3baa4ee nt!KeWaitForGate+0x10f fffff880`02f2bcd0 fffff802`b3aab535 nt!MiModifiedPageWriter+0x76 fffff880`02f2bd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f2bda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001833040 Cid 0004.0068 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d5ad80 SynchronizationEvent fffff802b3d52f60 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741071 Ticks: 57 (0:00:00:00.889) Context Switch Count 3280 IdealProcessor: 0 UserTime 
00:00:00.000 KernelTime 00:00:00.156 Win32 Start Address nt!KeBalanceSetManager (0xfffff802b3b36620) Stack Init fffff88002f32dd0 Current fffff88002f329f0 Base fffff88002f33000 Limit fffff88002f2d000 Call 0 Priority 17 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f32a30 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f32b70 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02f32c30 fffff802`b3b366c7 nt!KeWaitForMultipleObjects+0x25d fffff880`02f32ce0 fffff802`b3aab535 nt!KeBalanceSetManager+0xa7 fffff880`02f32d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f32da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001823040 Cid 0004.006c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d53aa0 SynchronizationEvent fffff802b3d53ab8 SynchronizationEvent fffff802b3d53ad0 SynchronizationEvent fffff802b3d53ae8 SynchronizationEvent fffff802b3d53b00 SynchronizationEvent fffff802b3d53b18 SynchronizationEvent fffff802b3d53b30 SynchronizationEvent fffff802b3d53b48 SynchronizationEvent fffff802b3d53b60 SynchronizationEvent fffff802b3d53b78 SynchronizationEvent fffff802b3d53b90 SynchronizationEvent fffff802b3d53ba8 SynchronizationEvent fffff802b3d53bc0 SynchronizationEvent fffff802b3d53bd8 SynchronizationEvent fffff802b3d53bf0 SynchronizationEvent fffff802b3d53c08 SynchronizationEvent fffff802b3d53c20 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741060 Ticks: 68 (0:00:00:01.060) Context Switch Count 16742 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!MiMappedPageWriter (0xfffff802b3b6f140) Stack Init fffff88002f39dd0 Current fffff88002f39970 Base fffff88002f3a000 Limit fffff88002f34000 Call 0 Priority 18 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 
PagePriority 5 Child-SP RetAddr Call Site fffff880`02f399b0 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f39af0 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02f39bb0 fffff802`b3b6f1f1 nt!KeWaitForMultipleObjects+0x25d fffff880`02f39c60 fffff802`b3aab535 nt!MiMappedPageWriter+0xb1 fffff880`02f39d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f39da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001810b00 Cid 0004.0070 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffff802b3d5ad40 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15741071 Ticks: 57 (0:00:00:00.889) Context Switch Count 9193 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.031 Win32 Start Address nt!KeSwapProcessOrStack (0xfffff802b3aec50c) Stack Init fffff88002f40dd0 Current fffff88002f40a20 Base fffff88002f41000 Limit fffff88002f3b000 Call 0 Priority 23 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f40a60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f40ba0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`02f40c60 fffff802`b3aec549 nt!KeWaitForSingleObject+0x1cf fffff880`02f40cf0 fffff802`b3aab535 nt!KeSwapProcessOrStack+0x3d fffff880`02f40d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f40da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001803040 Cid 0004.007c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable fffff802b3d6fd60 SynchronizationEvent fffff802b3d6fd80 SynchronizationEvent fffff802b3d6fda0 SynchronizationEvent fffff802b3d6fdc0 SynchronizationEvent fffff802b3d6fde0 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start 
TickCount 15741056 Ticks: 72 (0:00:00:01.123) Context Switch Count 1706 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!CcQueueLazyWriteScanThread (0xfffff802b3b893d8) Stack Init fffff88002f55dd0 Current fffff88002f559e0 Base fffff88002f56000 Limit fffff88002f50000 Call 0 Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f55a20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f55b60 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02f55c20 fffff802`b3b89467 nt!KeWaitForMultipleObjects+0x25d fffff880`02f55cd0 fffff802`b3aab535 nt!CcQueueLazyWriteScanThread+0x8f fffff880`02f55d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f55da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001800040 Cid 0004.0080 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d6e020 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 46 Ticks: 15741082 (2:20:12:42.453) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!FsRtlWorkerThread (0xfffff802b3bc4778) Stack Init fffff88002f61dd0 Current fffff88002f61a20 Base fffff88002f62000 Limit fffff88002f5c000 Call 0 Priority 16 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f61a60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f61ba0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`02f61c60 fffff802`b3bc47c5 nt!KeRemoveQueueEx+0x26b fffff880`02f61d10 fffff802`b3aab535 nt!FsRtlWorkerThread+0x4d fffff880`02f61d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f61da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800182b800 Cid 0004.0084 Teb: 0000000000000000 Win32Thread: 0000000000000000 
WAIT: (WrQueue) KernelMode Non-Alertable fffff802b3d6e060 QueueObject Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 46 Ticks: 15741082 (2:20:12:42.453) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!FsRtlWorkerThread (0xfffff802b3bc4778) Stack Init fffff88002f68dd0 Current fffff88002f68a20 Base fffff88002f69000 Limit fffff88002f63000 Call 0 Priority 17 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f68a60 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f68ba0 fffff802`b3b38ddb nt!KiCommitThreadWait+0x23c fffff880`02f68c60 fffff802`b3bc47c5 nt!KeRemoveQueueEx+0x26b fffff880`02f68d10 fffff802`b3aab535 nt!FsRtlWorkerThread+0x4d fffff880`02f68d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f68da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001825b00 Cid 0004.0088 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001807230 SynchronizationEvent Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 65 Ticks: 15741063 (2:20:12:42.156) Context Switch Count 1 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002f8fdd0 Current fffff88002f8f950 Base fffff88002f90000 Limit fffff88002f8a000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f8f990 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f8fad0 fffff802`b3b29c1f nt!KiCommitThreadWait+0x23c fffff880`02f8fb90 fffff802`b3b2943e nt!KeWaitForSingleObject+0x1cf fffff880`02f8fc20 fffff802`b3e540f2 nt!KeWaitForMultipleObjects+0x2ce fffff880`02f8fcd0 
fffff802`b3aab535 nt!EtwpLogger+0xb2 fffff880`02f8fd50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f8fda0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa800183a040 Cid 0004.008c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001818e30 SynchronizationEvent fffffa8001818e48 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCount 15739548 Ticks: 1580 (0:00:00:24.648) Context Switch Count 403 IdealProcessor: 0 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address nt!EtwpLogger (0xfffff802b3e54040) Stack Init fffff88002f96dd0 Current fffff88002f969e0 Base fffff88002f97000 Limit fffff88002f91000 Call 0 Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 Child-SP RetAddr Call Site fffff880`02f96a20 fffff802`b3b2d99c nt!KiSwapContext+0x76 fffff880`02f96b60 fffff802`b3b293cd nt!KiCommitThreadWait+0x23c fffff880`02f96c20 fffff802`b3e540f2 nt!KeWaitForMultipleObjects+0x25d fffff880`02f96cd0 fffff802`b3aab535 nt!EtwpLogger+0xb2 fffff880`02f96d50 fffff802`b3ae9e16 nt!PspSystemThreadStartup+0x59 fffff880`02f96da0 00000000`00000000 nt!KiStartSystemThread+0x16 THREAD fffffa8001839b00 Cid 0004.0090 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable fffffa8001802230 SynchronizationEvent fffffa8001802248 SynchronizationTimer Not impersonating DeviceMap fffff8a00000c340 Owning Process fffffa800182e480 Image: System Attached Process N/A Image: N/A Wait Start TickCoun