Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 4.76%
6.2.9200.16384 (win8_rtm.120725-1247) 11.11%
6.1.7600.16385 (win7_rtm.090713-1255) 3.17%
6.1.7600.16385 (win7_rtm.090713-1255) 4.76%
6.0.6001.18000 (longhorn_rtm.080118-1840) 17.46%
6.0.6001.18000 (longhorn_rtm.080118-1840) 49.21%
6.0.6000.16386 (vista_rtm.061101-2205) 9.52%

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegQueryValueExW, RegCloseKey, StartServiceW, QueryServiceStatus, RegDeleteKeyW, RegQueryInfoKeyW, RegEnumValueW, RegOpenKeyExW, RegSetValueExW, SetServiceStatus, EventWrite, EventRegister, EventUnregister, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, ChangeServiceConfig2W, RegEnumKeyW, RegFlushKey, DuplicateTokenEx, SetThreadToken, AccessCheck, IsWellKnownSid, GetFileSecurityW, LogonUserW, ImpersonateLoggedOnUser, RevertToSelf, LookupAccountSidW, ConvertStringSidToSidW, MakeAbsoluteSD, GetLengthSid, InitializeAcl, GetAclInformation, GetAce, EqualSid, AddAce, AddAccessAllowedAceEx, SetSecurityDescriptorDacl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, RegDeleteValueW, RegCreateKeyExW, QueryAllTracesW, StartTraceW, UpdateTraceW, EnableTraceEx, FlushTraceW, StopTraceW, QueryTraceW, EnumerateTraceGuidsEx, ControlTraceW, RegConnectRegistryW, AdjustTokenPrivileges, EventAccessQuery, ConvertSecurityDescriptorToStringSecurityDescriptorW, EventAccessRemove, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, RegEnumKeyExW, ControlService, ChangeServiceConfigW, OpenSCManagerW, OpenServiceW, QueryServiceConfigW, CloseServiceHandle, RegisterServiceCtrlHandlerExW, CheckTokenMembership, CreateWellKnownSid, ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetNamedSecurityInfoW
api-ms-win-service-core-l1-1-0.dll
SetServiceStatus, RegisterServiceCtrlHandlerExW
api-ms-win-service-management-l1-1-0.dll
StartServiceW, CloseServiceHandle, OpenServiceW, OpenSCManagerW
api-ms-win-service-management-l2-1-0.dll
ChangeServiceConfig2W, ChangeServiceConfigW, QueryServiceConfigW
api-ms-win-service-winsvc-l1-1-0.dll
QueryServiceStatus, ControlService
crypt32.dll
CryptUnprotectData
iphlpapi.dll
GetCurrentThreadCompartmentId, GetAdaptersAddresses
kernel32.dll
HeapFree, HeapValidate, ExpandEnvironmentStringsW, GetLocaleInfoW, GetTimeZoneInformation, GetLocalTime, GetComputerNameW, LocalFree, FormatMessageW, InitializeCriticalSection, WideCharToMultiByte, GlobalFree, GlobalUnlock, UnregisterWait, GlobalLock, GlobalAlloc, SizeofResource, LockResource, LoadResource, FindResourceW, GetCurrentProcess, GetCurrentThread, Wow64RevertWow64FsRedirection, GetCurrentThreadId, Wow64DisableWow64FsRedirection, IsWow64Process, ResetEvent, CreateDirectoryW, FreeLibrary, LoadLibraryW, OpenProcess, WriteFile, CreateFileW, WaitForSingleObject, GetCurrentProcessId, QueryPerformanceCounter, FindClose, FindNextFileW, FindFirstFileW, DuplicateHandle, GetSystemTimeAsFileTime, SystemTimeToFileTime, FileTimeToSystemTime, CompareStringW, HeapReAlloc, HeapSize, GetUserDefaultUILanguage, WaitForMultipleObjects, GetExitCodeThread, CreateThread, GetProcessHeap, CreateWaitableTimerW, GetCommandLineW, InterlockedExchange, OpenEventW, CopyFileExW, GetFullPathNameW, GetTimeFormatW, GetDateFormatW, FileTimeToLocalFileTime, GetBinaryTypeW, GetProcAddress, DeleteFileW, RemoveDirectoryW, GetDiskFreeSpaceExW, GetFileSizeEx, SetPriorityClass, CopyFileW, GetExitCodeProcess, TerminateProcess, CreateProcessW, GetTempFileNameW, GetSystemTime, MultiByteToWideChar, FileTimeToDosDateTime, GetFileInformationByHandle, GetTempFileNameA, GetTempPathA, SetFileAttributesW, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, GetFileMUIPath, GetTickCount, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetEvent, IsDebuggerPresent, DebugBreak, InterlockedCompareExchange, CreateEventW, CloseHandle, GetModuleFileNameW, Sleep, DisableThreadLibraryCalls, GetSystemDirectoryW, GetLastError, GetWindowsDirectoryW, DeleteCriticalSection, InterlockedIncrement, InterlockedDecrement, HeapAlloc, GetFileAttributesW, EnterCriticalSection, SetWaitableTimer, LeaveCriticalSection, FreeResource, LoadLibraryExW, K32GetModuleFileNameExW, GetTickCount64, GetTempPathW, DelayLoadFailureHook, LoadLibraryExA
msvcrt.dll
DllMain
nsi.dll
NsiAllocateAndGetTable, NsiFreeTable
ntdll.dll
RtlNtStatusToDosError, NtQuerySystemTime, RtlStringFromGUID, RtlFreeUnicodeString, EtwNotificationUnregister, EtwNotificationRegister, NtQuerySystemInformation, EtwEventUnregister, EtwEventRegister, EtwEventWrite
ole32.dll
StringFromGUID2, CoGetClassObject, StgOpenStorageEx, FreePropVariantArray, CreateStreamOnHGlobal, CoCreateInstance, CLSIDFromString, CoCreateInstanceEx, CoSetProxyBlanket, CoUninitialize, CoInitializeEx, CoInitializeSecurity, CoRegisterClassObject, CoRevokeClassObject
pdh.dll
PdhTranslate009CounterW, PdhTranslateLocaleCounterW, PdhOpenLogW, PdhCloseLog, PdhUpdateLogW, PdhAddCounterW, PdhExpandWildCardPathW, PdhOpenQueryW, PdhGetFormattedCounterValue, PdhCollectQueryData, PdhCloseQuery
psapi.dll
GetModuleFileNameExW
rpcrt4.dll
RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcStringBindingParseW, RpcBindingToStringBindingW, RpcBindingInqAuthClientW, RpcImpersonateClient, RpcRevertToSelf, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerUnregisterIfEx, RpcServerInqCallAttributesW, NdrServerCall2, NdrClientCall2, RpcBindingSetAuthInfoW, RpcBindingFree, RpcStringFreeW, UuidCreate
secur32.dll
GetUserNameExW
shell32.dll
CommandLineToArgvW
shlwapi.dll
PathIsNetworkPathW, PathIsFileSpecW
tdh.dll
TdhEnumerateProviders, TdhEnumerateProviderFieldInformation, TdhEnumerateRemoteWBEMProviderFieldInformation, TdhEnumerateRemoteWBEMProviders
user32.dll
MsgWaitForMultipleObjects, LoadStringW, PeekMessageW, CreateWindowExW, DestroyWindow, DispatchMessageW
wevtapi.dll
EvtClose, EvtCreateRenderContext, EvtRender, EvtNext, EvtSubscribe, EvtGetChannelConfigProperty, EvtOpenChannelConfig, EvtCreateBookmark, EvtUpdateBookmark
ws2_32.dll
WSAAddressToStringW
Export table
DllCanUnloadNow
DllGetClassObject
PlaConvertLogEntries
PlaDeleteReport
PlaExpandTaskArguments
PlaExtractCabinet
PlaGetLegacyAlertActionsFlagsFromString
PlaGetLegacyAlertActionsStringFromFlags
PlaGetServerCapabilities
PlaHost
PlaServer
PlaUpgrade
ServiceMain
SvchostPushServiceGlobals

pla.dll

Performance Logs & Alerts by Microsoft

Remove pla.dll
Version:   6.1.7600.16385 (win7_rtm.090713-1255)
MD5:   c7cf6a6e137463219e1259e3f0f0dd6c
SHA1:   ed3cfb66193dcb172c9b07d99fd199267ad542a6
SHA256:   08d7244f52aa17dd669aa6f77c291dac88e7b2d1887de422509c1f83ec85f3dd
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

pla.dll executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges). The assembly utilizes the .NET run-time framework (which is required to be installed on the PC). This version is designed to run on Windows 7 and is compiled as a 64 bit program.

DetailsDetails

File name:pla.dll
Publisher:Microsoft Corporation
Product name:Performance Logs & Alerts
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\pla.dll
Original name:PLA.DLL.MUI
File version:6.1.7600.16385 (win7_rtm.090713-1255)
Product version:6.1.7600.16385
Size:1.32 MB (1,389,056 bytes)
Digital DNA
Entropy:6.102473
File packed:No
Code language:Microsoft Visual C# / Basic .NET
.NET CLR:Yes
.NET NGENed:No
More details

BehaviorsBehaviors

Scheduled tasks
  • The job 'RAM - Padrao' runs in the path '\Microsoft\Windows\PLA\RAM - Padrao'
  • The task 'New Data Collector Set' runs in the path '\Microsoft\Windows\PLA\New Data Collector Set'
  • The task 'LSC Memory' runs in the path '\Microsoft\Windows\PLA\LSC Memory'
  • The job 'System Overview' runs in the path '\Microsoft\Windows\PLA\System Overview'
  • The job 'ConvertLogEntries' in the path '\Microsoft\Windows\PLA\System\ConvertLogEntries'
  • Entry path '\Microsoft\Windows\PLA\System Overview'
  • Entry path '\Microsoft\Windows\PLA\Server Manager Performance Monitor'
  • Entry path '\Microsoft\Windows\PLA\KCTR$1179'
  • Entry path '\Microsoft\Windows\PLA\New Data Collector Set'
  • Entry path '\Microsoft\Windows\PLA\System\ConvertLogEntries'
Hosted services
Runs as a shared service under the Windows svcHost
  • Shared name is 'pla'
  • Shared name is 'pla'
  • Shared name is 'pla'
  • Shared name is 'pla'
  • Shared name is 'pla'
  • Shared name is 'pla'
  • Shared name is 'pla'
  • Shared name is 'pla'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00018940%
0.028634%
Kernel CPU:0.00016463%
0.013761%
User CPU:0.00002477%
0.014873%
Kernel CPU time:406 ms/min
100,923,805ms/min
CPU cycles:7,730/sec
17,470,203/sec
Memory
Private memory:6.14 MB
21.59 MB
Private (maximum):9.89 MB
Private (minimum):1.74 MB
Non-paged memory:6.14 MB
21.59 MB
Virtual memory:61.37 MB
140.96 MB
Virtual memory (peak):70.76 MB
169.69 MB
Working set:2.47 MB
18.61 MB
Working set (peak):9.89 MB
37.95 MB
Page faults:17,495/min
2,039/min
I/O
I/O read transfer:817 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:0 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:4 Bytes/sec
448.09 KB/min
I/O other operations:2/sec
1,671/min
Resource allocations
Threads:4
12
Handles:199
600

BehaviorsProcess properties

Integrety level:System
Platform:64-bit
Command lines:
  • C:\Windows\System32\rundll32.exe C:\Windows\System32\pla.dll,plahost "lsc memory" "0x1b2c_0x890_0x8a408d999"
  • C:\Windows\System32\rundll32.exe C:\Windows\System32\pla.dll,plahost "kctr$1181" "0x1718_0x15c8_0x3ca9c6d8ed7"
  • C:\Windows\System32\rundll32.exe C:\Windows\System32\pla.dll,plahost "kctr$1182" "0xda0_0x1490_0x3ca9ab1f048"
  • C:\Windows\System32\rundll32.exe C:\Windows\System32\pla.dll,plahost "kctr$1180" "0x1718_0x1730_0x38f0a9b2d64"
  • C:\Windows\System32\rundll32.exe C:\Windows\System32\pla.dll,plahost "kctr$1179" "0x11f4_0x9bc_0x38ecf3e098c"
Owner:SYSTEM
Parent process:taskeng.exe (Task Scheduler Engine by Microsoft)

ResourcesThreads

Averages
 
pla.dll (main module)
Total CPU:0.00032900%
0.272967%
Kernel CPU:0.00029310%
0.107585%
User CPU:0.00003590%
0.165382%
CPU cycles:15,301/sec
5,741,424/sec
Memory:1.34 MB
1.16 MB
rundll32.exe (Windows host process (Rundll32) by Microsoft)
Total CPU:0.00028923%
Kernel CPU:0.00024348%
User CPU:0.00004575%
CPU cycles:7,155/sec
Memory:60 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows Vista Home Premium 52.38%
Windows Vista Ultimate 11.11%
Windows 7 Professional 7.94%
Windows Vista Home Basic 7.94%
Windows 8 Single Language 4.76%
Windows 8 4.76%
Windows 8.1 4.76%
Windows Vista Business 3.17%
Windows Server 2008 Standard 1.59%
Windows Server 2012 Standard Evaluation 1.59%

Distribution by countryDistribution by country

United States installs about 58.33% of Performance Logs & Alerts.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Lenovo 32.26%
Dell 22.58%
Hewlett-Packard 16.13%
Sony 12.90%
ASUS 9.68%
Intel 3.23%
American Megatrends 1.61%
Samsung 1.61%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE