Application Events
Level,Date and Time,Source,Event ID,Task Category
Error,25/07/2011 4:59:10 PM,SideBySide,35,None,"Activation context generation failed for ""C:\Program Files (x86)\Sony\Media Go\MediaGo.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST"" on line 3. Component identity found in manifest does not match the identity of the component requested. Reference is Sony.Mrs,processorArchitecture=""AMD64"",type=""win32"",version=""2.2.0.0"". Definition is Sony.Mrs,processorArchitecture=""x86"",type=""win32"",version=""2.2.0.0"". Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 4:59:08 PM,Microsoft-Windows-RestartManager,10001,None,Ending session 0 started 2011-07-25T20:58:50.568625900Z.
Information,25/07/2011 4:59:08 PM,MsiInstaller,1042,None,Ending a Windows Installer transaction: C:\Users\Horia\AppData\Roaming\Juniper Networks\Setup Client\Netshim.msi. Client Process Id: 7764.
Information,25/07/2011 4:59:08 PM,MsiInstaller,1033,None,Windows Installer installed the product. Product Name: Junos Pulse Netshim/Tunnel Manager/IPSec Manager Add-On. Product Version: 2.0.10059. Product Language: 1033. Manufacturer: Juniper Networks. Installation success or error status: 1603.
Information,25/07/2011 4:59:08 PM,MsiInstaller,11708,None,Product: Junos Pulse Netshim/Tunnel Manager/IPSec Manager Add-On -- Installation failed.
Information,25/07/2011 4:58:50 PM,Microsoft-Windows-RestartManager,10000,None,Starting session 0 - 2011-07-25T20:58:50.568625900Z.
Information,25/07/2011 4:58:50 PM,Microsoft-Windows-RestartManager,10001,None,Ending session 0 started 2011-07-25T20:58:15.633627700Z.
Information,25/07/2011 4:58:50 PM,MsiInstaller,1040,None,Beginning a Windows Installer transaction: C:\Users\Horia\AppData\Roaming\Juniper Networks\Setup Client\Netshim.msi. Client Process Id: 7764.
Information,25/07/2011 4:58:50 PM,MsiInstaller,1042,None,Ending a Windows Installer transaction: C:\Users\Horia\AppData\Roaming\Juniper Networks\Setup Client\JunosPulseCore.msi. Client Process Id: 6404.
Information,25/07/2011 4:58:50 PM,MsiInstaller,1033,None,Windows Installer installed the product. Product Name: Junos Pulse Core Components. Product Version: 2.0.10059. Product Language: 1033. Manufacturer: Juniper Networks. Installation success or error status: 0.
Information,25/07/2011 4:58:50 PM,MsiInstaller,11707,None,Product: Junos Pulse Core Components -- Installation completed successfully.
Information,25/07/2011 4:58:15 PM,Microsoft-Windows-RestartManager,10000,None,Starting session 0 - 2011-07-25T20:58:15.633627700Z.
Information,25/07/2011 4:58:15 PM,Microsoft-Windows-RestartManager,10001,None,Ending session 0 started 2011-07-25T20:58:13.173487000Z.
Information,25/07/2011 4:58:15 PM,MsiInstaller,1040,None,Beginning a Windows Installer transaction: C:\Users\Horia\AppData\Roaming\Juniper Networks\Setup Client\JunosPulseCore.msi. Client Process Id: 6404.
Information,25/07/2011 4:58:15 PM,MsiInstaller,1042,None,Ending a Windows Installer transaction: C:\Users\Horia\AppData\Roaming\Juniper Networks\Setup Client\VC8Runtime.msi. Client Process Id: 1716.
Information,25/07/2011 4:58:15 PM,MsiInstaller,1033,None,Windows Installer installed the product. Product Name: VC8 CRT. Product Version: 8.0.50727.762. Product Language: 1033. Manufacturer: Juniper Networks. Installation success or error status: 0.
Information,25/07/2011 4:58:15 PM,MsiInstaller,11707,None,Product: VC8 CRT -- Installation completed successfully.
Information,25/07/2011 4:58:13 PM,Microsoft-Windows-RestartManager,10000,None,Starting session 0 - 2011-07-25T20:58:13.173487000Z.
Information,25/07/2011 4:58:12 PM,MsiInstaller,1040,None,Beginning a Windows Installer transaction: C:\Users\Horia\AppData\Roaming\Juniper Networks\Setup Client\VC8Runtime.msi. Client Process Id: 1716.
Information,25/07/2011 4:52:13 PM,Microsoft-Windows-SecuritySPP,903,None,"The Software Protection service has stopped. " Information,25/07/2011 4:51:54 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 4:51:45 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Warning,25/07/2011 4:51:41 PM,Microsoft-Windows-Search,3036,Gatherer,"The content source <mapi://{S-1-5-21-3249341697-3537190303-2455221922-1001}/> cannot be accessed. Context: Application, SystemIndex Catalog Details: A server error occurred. Check that the server is available. (HRESULT : 0x80041206) (0x80041206) " Information,25/07/2011 4:50:51 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,25/07/2011 4:50:42 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,25/07/2011 4:50:11 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 4:50:06 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Warning,25/07/2011 4:49:40 PM,Microsoft-Windows-Search,3036,Gatherer,"The content source <mapi://{S-1-5-21-3249341697-3537190303-2455221922-1001}/> cannot be accessed. Context: Application, SystemIndex Catalog Details: A server error occurred. Check that the server is available. (HRESULT : 0x80041206) (0x80041206) " Information,25/07/2011 4:49:17 PM,gupdate,0,None,"The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped " Information,25/07/2011 4:49:11 PM,gupdate,0,None,"The description for Event ID 0 from source gupdate cannot be found. 
Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:49:11 PM,gusvc,0,None,"The description for Event ID 0 from source gusvc cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:49:08 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,25/07/2011 4:49:02 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,25/07/2011 4:49:01 PM,Microsoft-WindowsCAPI2,4097,None,"Successful auto update of third-party root certificate:: Subject: <CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US> Sha1 thumbprint: <5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25>." Information,25/07/2011 4:47:43 PM,gupdate,0,None,"The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped " Information,25/07/2011 4:47:13 PM,Microsoft-Windows-SecuritySPP,902,None,"The Software Protection service has started. 
6.1.7600.16385" Information,25/07/2011 4:47:13 PM,Microsoft-Windows-SecuritySPP,1003,None,"The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 022a1afb-b893-4190-92c3-8f69a49839fb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 2: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8, 1, 1 [(0 [0x00000000, 1, 0], [(?)(?)( 1 0x00000000 0 0 msft:rm/algorithm/bios/4.0 0x00000000 0)(?)(?)(?)])(1 )(2 )] 3: a0cde89c-3304-4157-b61c-c8ad785d1fad, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 4: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 5: cfb3e52c-d707-4861-af51-11b27ee6169c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 6: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 7: afd5f68f-b70f-4000-a21d-28dbc8be8b07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] " Information,25/07/2011 4:47:13 PM,Microsoft-Windows-SecuritySPP,1066,None,"Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000 " Information,25/07/2011 4:47:11 PM,SecurityCenter,1,None,The Windows Security Center Service has started. Information,25/07/2011 4:47:11 PM,sprtsvc_dellsupportcenter,1,None,"The description for Event ID 1 from source sprtsvc_dellsupportcenter cannot be found. 
Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:47:10 PM,Microsoft-Windows-SecuritySPP,900,None,"The Software Protection service is starting. " Information,25/07/2011 4:47:07 PM,gupdate,0,None,"The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:46:07 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 4:45:59 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 4:45:51 PM,Microsoft-Windows-Search,1003,Search service,The Windows Search Service started. Information,25/07/2011 4:45:38 PM,ESENT,302,Logging/Recovery,Windows (6056) Windows: The database engine has successfully completed recovery steps. Information,25/07/2011 4:45:36 PM,ESENT,301,Logging/Recovery,Windows (6056) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log. Error,25/07/2011 4:45:36 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." 
Information,25/07/2011 4:45:35 PM,Windows Error Reporting,1001,None,"Fault bucket 8741692, type 4 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: EvtEng.exe P2: 13.0.0.0 P3: 4ab80b1f P4: EvtEng.exe P5: 13.0.0.0 P6: 4ab80b1f P7: 40000015 P8: 00000000000c06ae P9: P10: Attached files: C:\WINDOWS\Temp\WERAEB5.tmp.appcompat.txt C:\WINDOWS\Temp\WERB5F6.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WERB607.tmp.hdmp C:\WINDOWS\Temp\WERBAB9.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EvtEng.exe_d24eff 3b33562b4f23974f82f7744f564ea28bf5_14992d08 Analysis symbol: Rechecking for solution: 0 Report Id: f7c4f21d-b6fe-11e0-903b-005056c00008 Report Status: 0" Information,25/07/2011 4:45:35 PM,Windows Error Reporting,1001,None,"Fault bucket 7968693, type 4 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: WLANExt.exe P2: 6.1.7600.16385 P3: 4a5bcc33 P4: msvcrt.dll P5: 7.0.7600.16385 P6: 4a5bdfbe P7: 40000015 P8: 000000000002aa8e P9: P10: Attached files: C:\WINDOWS\Temp\WERBA0B.tmp.appcompat.txt C:\WINDOWS\Temp\WERBA3A.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WERBA6A.tmp.hdmp C:\WINDOWS\Temp\WERBC20.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_WLANExt.exe_52ef4 7a1dc572c89e0206ac510ed1ee393dc736_14dd2d08 Analysis symbol: Rechecking for solution: 0 Report Id: f97f2bb7-b6fe-11e0-903b-005056c00008 Report Status: 0" Information,25/07/2011 4:45:26 PM,ESENT,301,Logging/Recovery,Windows (6056) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001DB.log. Information,25/07/2011 4:45:25 PM,ESENT,300,Logging/Recovery,Windows (6056) Windows: The database engine is initiating recovery steps. Information,25/07/2011 4:45:25 PM,ESENT,102,General,Windows (6056) Windows: The database engine (6.01.7600.0000) started a new instance (0). 
Error,25/07/2011 4:45:17 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,25/07/2011 4:45:17 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,25/07/2011 4:45:11 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,25/07/2011 4:45:11 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,25/07/2011 4:45:10 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,25/07/2011 4:45:07 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". 
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,25/07/2011 4:45:06 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 4:45:06 PM,Windows Error Reporting,1001,None,"Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: WLANExt.exe P2: 6.1.7600.16385 P3: 4a5bcc33 P4: msvcrt.dll P5: 7.0.7600.16385 P6: 4a5bdfbe P7: 40000015 P8: 000000000002aa8e P9: P10: Attached files: C:\WINDOWS\Temp\WERBA0B.tmp.appcompat.txt C:\WINDOWS\Temp\WERBA3A.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WERBA6A.tmp.hdmp C:\WINDOWS\Temp\WERBC20.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_WLANExt.exe_52ef47a 1dc572c89e0206ac510ed1ee393dc736_cab_0dccbce8 Analysis symbol: Rechecking for solution: 0 Report Id: f97f2bb7-b6fe-11e0-903b-005056c00008 Report Status: 4" Error,25/07/2011 4:45:06 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." 
Information,25/07/2011 4:45:06 PM,Windows Error Reporting,1001,None,"Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: EvtEng.exe P2: 13.0.0.0 P3: 4ab80b1f P4: EvtEng.exe P5: 13.0.0.0 P6: 4ab80b1f P7: 40000015 P8: 00000000000c06ae P9: P10: Attached files: C:\WINDOWS\Temp\WERAEB5.tmp.appcompat.txt C:\WINDOWS\Temp\WERB5F6.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WERB607.tmp.hdmp C:\WINDOWS\Temp\WERBAB9.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EvtEng.exe_d24eff3b 33562b4f23974f82f7744f564ea28bf5_cab_1164bbbf Analysis symbol: Rechecking for solution: 0 Report Id: f7c4f21d-b6fe-11e0-903b-005056c00008 Report Status: 4" Error,25/07/2011 4:45:05 PM,Application Error,1000,(100),"Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7600.16385, time stamp: 0x4a5bdfbe Exception code: 0x40000015 Fault offset: 0x000000000002aa8e Faulting process id: 0x730 Faulting application start time: 0x01cc4b0badd5642f Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: f97f2bb7-b6fe-11e0-903b-005056c00008" Information,25/07/2011 4:45:05 PM,HPSLPSVC,0,None,"The description for Event ID 0 from source HPSLPSVC cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:45:05 PM,hpqcxs08,0,None,"The description for Event ID 0 from source hpqcxs08 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. 
You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:45:05 PM,Pure Networks Platform Service,1,None,"Service successfully started. " Error,25/07/2011 4:45:02 PM,Application Error,1000,(100),"Faulting application name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab80b1f Faulting module name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab80b1f Exception code: 0x40000015 Fault offset: 0x00000000000c06ae Faulting process id: 0x804 Faulting application start time: 0x01cc4b0bb000cfe2 Faulting application path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Report Id: f7c4f21d-b6fe-11e0-903b-005056c00008" Information,25/07/2011 4:45:02 PM,Fast Access,1,Password used for authentication,User kPrismH\Horia password used for authentication. picid=0725164456157_p_00000_00.x picid=0725164456298_g_00000_23.x Information,25/07/2011 4:45:00 PM,McLogEvent,5000,None,"McShield service started. Engine version : 5400.1158 DAT version : 6417.0000 Number of signatures in EXTRA.DAT : None Names of threats that EXTRA.DAT can detect : None" Information,25/07/2011 4:44:56 PM,Fast Access,1,Biometric data updated,User kPrismH\Horia biometric data updated. Information,25/07/2011 4:44:56 PM,Microsoft-Windows-Winlogon,6000,None,The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event. Information,25/07/2011 4:44:56 PM,Microsoft-WindowsWinlogon,4101,None,Windows license validated. 
Information,25/07/2011 4:44:54 PM,IAANTmon,7500,None,Intel RAID Controller: Unknown Controller Number of Serial ATA ports: 3 RAID Option ROM Version: Unknown Driver Version: 8.9.0.1023 RAID Plug-In Version: 8.9.0.1023 Language Resource Version of the RAID Plug-In: File not found Create Volume Wizard Version: 8.9.0.1023 Language Resource Version of the Create Volume Wizard: File not found Create Volume from Existing Hard Drive Wizard Version: 8.9.0.1023 Language Resource Version of the Create Volume from Existing Hard Drive Wizard: File not found Modify Volume Wizard Version: 8.9.0.1023 Language Resource Version of the Modify Volume Wizard: File not found Delete Volume Wizard Version: 8.9.0.1023 Language Resource Version of the Delete Volume Wizard: File not found ISDI Library Version: 8.9.0.1023 Event Monitor User Notification Tool Version: 8.9.0.1023 Language Resource Version of the Event Monitor User Notification Tool: File not found Event Monitor Version: 8.9.0.1023 Hard Drive 0 Usage: Unknown hard drive usage Status: Normal Device Port: 0 Device Port Location: Internal Current Serial ATA Transfer Mode: Generation 2 Model: WDC WD6400BEVT-75A0RT0 Serial Number: WD-WX21A3060432 Firmware: 01.01A01 Native Command Queuing Support: Yes System Hard Drive: Yes Size: 596.1 GB Physical Sector Size: 512 Bytes Logical Sector Size: 512 Bytes Unused Port 0 Device Port: 5 Device Port Location: External CD/DVD Drive 0 Device Port: 1 Device Port Location: Internal Current Serial ATA Transfer Mode: Generation 1 Model: HL-DT-ST DVDRW/BDROM CA10N Serial Number: K0ZA46D4626 Firmware: A110 Information,25/07/2011 4:44:54 PM,Microsoft-Windows-WMI,5617,None,Windows Management Instrumentation Service subsystems initialized successfully Information,25/07/2011 4:44:50 PM,YahooAUService,0,None,"The description for Event ID 0 from source YahooAUService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. 
You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:44:49 PM,SignInAssistant,0,None,"The description for Event ID 0 from source SignInAssistant cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: WLIDInitializationTimerQueue. QueueWorkItem started (44:49:942) " Information,25/07/2011 4:44:49 PM,SignInAssistant,0,None,"The description for Event ID 0 from source SignInAssistant cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: g_ WLIDInitializationTimerQueue.Initialize started (44:49:941) " Information,25/07/2011 4:44:49 PM,SignInAssistant,0,None,"The description for Event ID 0 from source SignInAssistant cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: g_WLIDTimerQueue.Initialize started (44:49:940) " Information,25/07/2011 4:44:49 PM,VMware NAT Service,1000,None,Using configuration file: C:\ProgramData\VMware\vmnetnat.conf. 
IP address: 192.168.140.2 Subnet: 255.255.255.0 External IP address: 0.0.0.0 Device: VMnet8. MAC address: 00:50:56:FC:0F:25. Ignoring host MAC address: 00:50:56:C0:00:08. Information,25/07/2011 4:44:49 PM,Microsoft-Windows-WMI,5615,None,Windows Management Instrumentation Service started sucessfully Information,25/07/2011 4:44:49 PM,VMware NAT Service,1000,None,Service started Information,25/07/2011 4:44:48 PM,SeaPort,0,None,Service started Information,25/07/2011 4:44:48 PM,RegSrvc,0,None,"The description for Event ID 0 from source RegSrvc cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Error,25/07/2011 4:44:48 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 4:44:47 PM,hpqddsvc,0,None,"The description for Event ID 0 from source hpqddsvc cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:44:45 PM,EvtEng,0,None,"The description for Event ID 0 from source EvtEng cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. 
You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:44:45 PM,btwdins,0,None,"The description for Event ID 0 from source btwdins cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:44:45 PM,AdobeARMservice,0,None,"The description for Event ID 0 from source AdobeARMservice cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:44:41 PM,Microsoft-Windows-User Profiles Service,1531,None,"The User Profile Service has started successfully. " Information,25/07/2011 4:44:41 PM,Microsoft-Windows-EventSystem,4625,None,The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Error,25/07/2011 4:44:40 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. 
Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 4:43:49 PM,Microsoft-Windows-Winlogon,6000,None,The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event. Information,25/07/2011 4:43:49 PM,Desktop Window Manager,9009,None,The Desktop Window Manager has exited with code (0x40010004) Error,25/07/2011 4:43:19 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,25/07/2011 4:42:46 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 4:26:56 PM,Microsoft-Windows-SecuritySPP,903,None,"The Software Protection service has stopped. " Information,25/07/2011 4:22:27 PM,gupdate,0,None,"The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped " Information,25/07/2011 4:21:56 PM,Microsoft-Windows-SecuritySPP,902,None,"The Software Protection service has started. 6.1.7600.16385" Information,25/07/2011 4:21:56 PM,Microsoft-Windows-SecuritySPP,1003,None,"The Software Protection service has completed licensing status check. 
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 022a1afb-b893-4190-92c3-8f69a49839fb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 2: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8, 1, 1 [(0 [0x00000000, 1, 0], [(?)(?)( 1 0x00000000 0 0 msft:rm/algorithm/bios/4.0 0x00000000 0)(?)(?)(?)])(1 )(2 )] 3: a0cde89c-3304-4157-b61c-c8ad785d1fad, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 4: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 5: cfb3e52c-d707-4861-af51-11b27ee6169c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 6: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 7: afd5f68f-b70f-4000-a21d-28dbc8be8b07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] " Information,25/07/2011 4:21:56 PM,Microsoft-Windows-SecuritySPP,1066,None,"Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000 C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000 " Information,25/07/2011 4:21:55 PM,SecurityCenter,1,None,The Windows Security Center Service has started. Information,25/07/2011 4:21:55 PM,sprtsvc_dellsupportcenter,1,None,"The description for Event ID 1 from source sprtsvc_dellsupportcenter cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. 
If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:21:54 PM,Microsoft-Windows-SecuritySPP,900,None,"The Software Protection service is starting. " Information,25/07/2011 4:21:52 PM,gupdate,0,None,"The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:20:49 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 4:20:47 PM,Microsoft-Windows-Search,1003,Search service,The Windows Search Service started. Information,25/07/2011 4:20:42 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 4:20:31 PM,Windows Error Reporting,1001,None,"Fault bucket 7968693, type 4 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: WLANExt.exe P2: 6.1.7600.16385 P3: 4a5bcc33 P4: msvcrt.dll P5: 7.0.7600.16385 P6: 4a5bdfbe P7: 40000015 P8: 000000000002aa8e P9: P10: Attached files: C:\WINDOWS\Temp\WERADEA.tmp.appcompat.txt C:\WINDOWS\Temp\WERAE39.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WERAE59.tmp.hdmp C:\WINDOWS\Temp\WERB176.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_WLANExt.exe_52ef4 7a1dc572c89e0206ac510ed1ee393dc736_143d5456 Analysis symbol: Rechecking for solution: 0 Report Id: 71beaefe-b6fb-11e0-9d26-005056c00008 Report Status: 0" Information,25/07/2011 4:20:31 PM,Windows Error Reporting,1001,None,"Fault bucket 8741692, type 4 Event Name: APPCRASH Response: Not available Cab Id: 0 
Problem signature: P1: EvtEng.exe P2: 13.0.0.0 P3: 4ab80b1f P4: EvtEng.exe P5: 13.0.0.0 P6: 4ab80b1f P7: 40000015 P8: 00000000000c06ae P9: P10: Attached files: C:\WINDOWS\Temp\WERA784.tmp.appcompat.txt C:\WINDOWS\Temp\WERC3EB.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WERC43A.tmp.hdmp C:\WINDOWS\Temp\WERC525.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EvtEng.exe_d24eff 3b33562b4f23974f82f7744f564ea28bf5_161d53e9 Analysis symbol: Rechecking for solution: 0 Report Id: 70be794d-b6fb-11e0-9d26-005056c00008 Report Status: 0" Error,25/07/2011 4:20:31 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 4:20:24 PM,ESENT,302,Logging/Recovery,Windows (5752) Windows: The database engine has successfully completed recovery steps. Information,25/07/2011 4:20:21 PM,ESENT,301,Logging/Recovery,Windows (5752) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log. Information,25/07/2011 4:20:18 PM,ESENT,301,Logging/Recovery,Windows (5752) Windows: The database engine has begun replaying logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001DA.log. Information,25/07/2011 4:20:17 PM,ESENT,300,Logging/Recovery,Windows (5752) Windows: The database engine is initiating recovery steps. Information,25/07/2011 4:20:15 PM,ESENT,102,General,Windows (5752) Windows: The database engine (6.01.7600.0000) started a new instance (0). Error,25/07/2011 4:20:01 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". 
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,25/07/2011 4:20:01 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 4:19:55 PM,Windows Error Reporting,1001,None,"Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: EvtEng.exe P2: 13.0.0.0 P3: 4ab80b1f P4: EvtEng.exe P5: 13.0.0.0 P6: 4ab80b1f P7: 40000015 P8: 00000000000c06ae P9: P10: Attached files: C:\WINDOWS\Temp\WERA784.tmp.appcompat.txt C:\WINDOWS\Temp\WERC3EB.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WERC43A.tmp.hdmp C:\WINDOWS\Temp\WERC525.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EvtEng.exe_d24eff3b 33562b4f23974f82f7744f564ea28bf5_cab_1068c5fc Analysis symbol: Rechecking for solution: 0 Report Id: 70be794d-b6fb-11e0-9d26-005056c00008 Report Status: 4" Error,25/07/2011 4:19:50 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." 
Information,25/07/2011 4:19:50 PM,Windows Error Reporting,1001,None,"Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: WLANExt.exe P2: 6.1.7600.16385 P3: 4a5bcc33 P4: msvcrt.dll P5: 7.0.7600.16385 P6: 4a5bdfbe P7: 40000015 P8: 000000000002aa8e P9: P10: Attached files: C:\WINDOWS\Temp\WERADEA.tmp.appcompat.txt C:\WINDOWS\Temp\WERAE39.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WERAE59.tmp.hdmp C:\WINDOWS\Temp\WERB176.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_WLANExt.exe_52ef47a 1dc572c89e0206ac510ed1ee393dc736_cab_1004b26d Analysis symbol: Rechecking for solution: 0 Report Id: 71beaefe-b6fb-11e0-9d26-005056c00008 Report Status: 4" Error,25/07/2011 4:19:50 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,25/07/2011 4:19:49 PM,Application Error,1000,(100),"Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7600.16385, time stamp: 0x4a5bdfbe Exception code: 0x40000015 Fault offset: 0x000000000002aa8e Faulting process id: 0x714 Faulting application start time: 0x01cc4b0827aa5024 Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: 71beaefe-b6fb-11e0-9d26-005056c00008" Information,25/07/2011 4:19:49 PM,HPSLPSVC,0,None,"The description for Event ID 0 from source HPSLPSVC cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. 
If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:19:49 PM,hpqcxs08,0,None,"The description for Event ID 0 from source hpqcxs08 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Error,25/07/2011 4:19:48 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 4:19:48 PM,Pure Networks Platform Service,1,None,"Service successfully started. " Error,25/07/2011 4:19:47 PM,Application Error,1000,(100),"Faulting application name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab80b1f Faulting module name: EvtEng.exe, version: 13.0.0.0, time stamp: 0x4ab80b1f Exception code: 0x40000015 Fault offset: 0x00000000000c06ae Faulting process id: 0x7bc Faulting application start time: 0x01cc4b0829157906 Faulting application path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Report Id: 70be794d-b6fb-11e0-9d26-005056c00008" Information,25/07/2011 4:19:47 PM,Fast Access,1,Password used for authentication,User kPrismH\Horia password used for authentication. picid=0725161941457_g_00000_41.x Information,25/07/2011 4:19:46 PM,McLogEvent,5000,None,"McShield service started. 
Engine version : 5400.1158 DAT version : 6417.0000 Number of signatures in EXTRA.DAT : None Names of threats that EXTRA.DAT can detect : None" Error,25/07/2011 4:19:42 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 4:19:42 PM,IAANTmon,7500,None,Intel RAID Controller: Unknown Controller Number of Serial ATA ports: 3 RAID Option ROM Version: Unknown Driver Version: 8.9.0.1023 RAID Plug-In Version: 8.9.0.1023 Language Resource Version of the RAID Plug-In: File not found Create Volume Wizard Version: 8.9.0.1023 Language Resource Version of the Create Volume Wizard: File not found Create Volume from Existing Hard Drive Wizard Version: 8.9.0.1023 Language Resource Version of the Create Volume from Existing Hard Drive Wizard: File not found Modify Volume Wizard Version: 8.9.0.1023 Language Resource Version of the Modify Volume Wizard: File not found Delete Volume Wizard Version: 8.9.0.1023 Language Resource Version of the Delete Volume Wizard: File not found ISDI Library Version: 8.9.0.1023 Event Monitor User Notification Tool Version: 8.9.0.1023 Language Resource Version of the Event Monitor User Notification Tool: File not found Event Monitor Version: 8.9.0.1023 Hard Drive 0 Usage: Unknown hard drive usage Status: Normal Device Port: 0 Device Port Location: Internal Current Serial ATA Transfer Mode: Generation 2 Model: WDC WD6400BEVT-75A0RT0 Serial Number: WD-WX21A3060432 Firmware: 01.01A01 Native Command Queuing Support: Yes System Hard Drive: Yes Size: 596.1 GB Physical Sector Size: 512 Bytes Logical Sector Size: 512 Bytes Unused Port 0 Device Port: 5 Device Port Location: External CD/DVD Drive 0 Device Port: 1 Device Port Location: Internal Current Serial ATA 
Transfer Mode: Generation 1 Model: HL-DT-ST DVDRW/BDROM CA10N Serial Number: K0ZA46D4626 Firmware: A110 Error,25/07/2011 4:19:42 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 4:19:41 PM,Fast Access,1,Biometric data updated,User kPrismH\Horia biometric data updated. Information,25/07/2011 4:19:40 PM,Microsoft-Windows-Winlogon,6000,None,The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event. Information,25/07/2011 4:19:40 PM,Microsoft-WindowsWinlogon,4101,None,Windows license validated. Error,25/07/2011 4:19:40 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 4:19:36 PM,Microsoft-Windows-WMI,5617,None,Windows Management Instrumentation Service subsystems initialized successfully Information,25/07/2011 4:19:34 PM,YahooAUService,0,None,"The description for Event ID 0 from source YahooAUService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:19:34 PM,SignInAssistant,0,None,"The description for Event ID 0 from source SignInAssistant cannot be found. 
Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: WLIDInitializationTimerQueue. QueueWorkItem started (19:34:590) " Information,25/07/2011 4:19:34 PM,SignInAssistant,0,None,"The description for Event ID 0 from source SignInAssistant cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: g_ WLIDInitializationTimerQueue.Initialize started (19:34:590) " Information,25/07/2011 4:19:34 PM,SignInAssistant,0,None,"The description for Event ID 0 from source SignInAssistant cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: g_WLIDTimerQueue.Initialize started (19:34:588) " Information,25/07/2011 4:19:34 PM,VMware NAT Service,1000,None,Using configuration file: C:\ProgramData\VMware\vmnetnat.conf. IP address: 192.168.140.2 Subnet: 255.255.255.0 External IP address: 0.0.0.0 Device: VMnet8. MAC address: 00:50:56:FC:0F:25. Ignoring host MAC address: 00:50:56:C0:00:08. 
Information,25/07/2011 4:19:34 PM,Microsoft-Windows-WMI,5615,None,Windows Management Instrumentation Service started sucessfully Information,25/07/2011 4:19:34 PM,VMware NAT Service,1000,None,Service started Information,25/07/2011 4:19:34 PM,SeaPort,0,None,Service started Information,25/07/2011 4:19:33 PM,RegSrvc,0,None,"The description for Event ID 0 from source RegSrvc cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Error,25/07/2011 4:19:33 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 4:19:32 PM,hpqddsvc,0,None,"The description for Event ID 0 from source hpqddsvc cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:19:31 PM,EvtEng,0,None,"The description for Event ID 0 from source EvtEng cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. 
The following information was included with the event: Service started " Information,25/07/2011 4:19:30 PM,btwdins,0,None,"The description for Event ID 0 from source btwdins cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:19:30 PM,AdobeARMservice,0,None,"The description for Event ID 0 from source AdobeARMservice cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Information,25/07/2011 4:19:27 PM,Microsoft-Windows-User Profiles Service,1531,None,"The User Profile Service has started successfully. " Information,25/07/2011 4:19:27 PM,Microsoft-Windows-EventSystem,4625,None,The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. Error,25/07/2011 4:19:27 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." 
Information,25/07/2011 4:18:37 PM,Microsoft-Windows-User Profiles Service,1532,None,"The User Profile Service has stopped. " Warning,25/07/2011 4:18:25 PM,Microsoft-Windows-User Profiles Service,1530,None,"Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL 2 user registry handles leaked from \Registry\User\S-1-5-21-32493416973537190303-2455221922-1001: Process 1372 (\Device\HarddiskVolume3\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3249341697-3537190303-24552219221001\Software\Microsoft\Windows\CurrentVersion\Internet Settings Process 1372 (\Device\HarddiskVolume3\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3249341697-3537190303-24552219221001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings " Information,25/07/2011 4:18:26 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,25/07/2011 4:18:25 PM,Microsoft-Windows-Winlogon,6000,None,The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event. Information,25/07/2011 4:18:25 PM,Desktop Window Manager,9009,None,The Desktop Window Manager has exited with code (0x40010004) Information,25/07/2011 4:03:02 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 4:02:55 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Error,25/07/2011 4:01:54 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." 
Information,25/07/2011 4:01:52 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 4:01:52 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Error,25/07/2011 4:01:46 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 4:01:46 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:59:40 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:59:34 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:58:41 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Error,25/07/2011 3:58:33 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 3:58:32 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,25/07/2011 3:56:14 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Error,25/07/2011 3:56:06 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." 
Information,25/07/2011 3:56:05 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:54:46 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:54:40 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:53:47 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Error,25/07/2011 3:53:40 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 3:53:38 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,25/07/2011 3:46:30 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Error,25/07/2011 3:46:21 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 3:46:20 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:42:26 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:42:18 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:41:22 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Error,25/07/2011 3:41:18 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". 
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 3:41:17 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,25/07/2011 3:40:52 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Error,25/07/2011 3:40:46 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 3:40:46 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:38:01 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:37:51 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:36:57 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Error,25/07/2011 3:36:51 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 3:36:49 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,25/07/2011 3:36:47 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Error,25/07/2011 3:36:38 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". 
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 3:36:37 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:35:19 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:35:13 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:34:15 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Error,25/07/2011 3:34:12 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 3:34:11 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Error,25/07/2011 3:34:05 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." 
Information,25/07/2011 3:34:05 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:34:00 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:33:54 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:32:56 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Warning,25/07/2011 3:32:55 PM,Microsoft-WindowsApplicationExperienceInfrastructure,1,None,"The application (Visual Studio 2005, from vendor Microsoft) has the following problem: Visual Studio 2005 has a known compatibility issue with this version of Windows." Error,25/07/2011 3:32:53 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 3:32:52 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Error,25/07/2011 3:32:46 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 3:32:45 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:31:17 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:31:10 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:31:00 PM,gusvc,0,None,"The description for Event ID 0 from source gusvc cannot be found. 
Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Error,25/07/2011 3:30:11 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,25/07/2011 3:30:09 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 3:30:07 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 3:30:07 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Error,25/07/2011 3:30:02 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 3:30:02 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Error,25/07/2011 2:25:42 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". 
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,25/07/2011 12:48:35 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Warning,25/07/2011 12:47:51 PM,Microsoft-WindowsApplicationExperienceInfrastructure,1,None,"The application (Visual Studio 2005, from vendor Microsoft) has the following problem: Visual Studio 2005 has a known compatibility issue with this version of Windows." Information,25/07/2011 12:41:19 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 12:41:12 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Error,25/07/2011 12:40:12 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,25/07/2011 12:40:10 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,25/07/2011 12:40:10 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Error,25/07/2011 12:40:05 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." 
Information,25/07/2011 12:40:04 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 12:40:01 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command
Error,25/07/2011 12:39:54 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 12:39:52 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command
Information,25/07/2011 12:39:25 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Error,25/07/2011 12:39:16 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 12:39:16 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 12:38:32 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Error,25/07/2011 12:38:29 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 12:38:27 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command
Error,25/07/2011 12:38:22 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 12:38:21 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 12:16:37 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 12:16:28 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 12:15:34 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command
Error,25/07/2011 12:15:27 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 12:15:26 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command
Information,25/07/2011 12:15:23 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command
Error,25/07/2011 12:15:20 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 12:15:20 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Error,25/07/2011 12:15:15 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 12:15:14 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command
Information,25/07/2011 12:12:26 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Error,25/07/2011 12:12:18 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 12:12:17 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 12:11:36 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command
Error,25/07/2011 12:11:30 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 12:11:28 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command
Information,25/07/2011 12:11:26 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Error,25/07/2011 12:11:17 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 12:11:16 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 11:56:19 AM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 11:56:11 AM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 11:55:16 AM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command
Error,25/07/2011 11:55:10 AM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 11:55:09 AM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command
Information,25/07/2011 11:54:50 AM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Error,25/07/2011 11:54:45 AM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 11:54:44 AM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Error,25/07/2011 9:59:12 AM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 9:57:44 AM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 9:57:34 AM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 9:56:40 AM,Fast Access,1,Password used for authentication,User kPrismH\Horia password used for authentication. picid=0725095633947_p_00000_00.x picid=0725095633150_g_00000_40.x
Information,25/07/2011 9:56:33 AM,Fast Access,1,Biometric data updated,User kPrismH\Horia biometric data updated.
Error,25/07/2011 9:56:18 AM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,25/07/2011 9:56:17 AM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,25/07/2011 9:56:12 AM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,25/07/2011 12:57:58 AM,SideBySide,35,None,"Activation context generation failed for ""C:\Program Files (x86)\Sony\Media Go\MediaGo.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST"" on line 3. Component identity found in manifest does not match the identity of the component requested. Reference is Sony.Mrs,processorArchitecture=""AMD64"",type=""win32"",version=""2.2.0.0"". Definition is Sony.Mrs,processorArchitecture=""x86"",type=""win32"",version=""2.2.0.0"". Please use sxstrace.exe for detailed diagnosis."
Error,25/07/2011 12:56:57 AM,SideBySide,59,None,"Activation context generation failed for ""C:\Program Files (x86)\Sparx Systems\EA\SSInvoke.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sparx Systems\EA\SSInvoke.exe"" on line 21. Invalid Xml syntax."
Error,25/07/2011 12:56:57 AM,SideBySide,59,None,"Activation context generation failed for ""C:\Program Files (x86)\Sparx Systems\EA Trial\SSInvoke.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sparx Systems\EA Trial\SSInvoke.exe"" on line 21. Invalid Xml syntax."
Information,25/07/2011 12:09:00 AM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 12:08:54 AM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,25/07/2011 12:07:57 AM,Fast Access,1,Password used for authentication,User kPrismH\Horia password used for authentication. picid=0725000752745_p_00000_00.x picid=0725000753933_g_00000_89.x
Information,25/07/2011 12:07:52 AM,Fast Access,1,Biometric data updated,User kPrismH\Horia biometric data updated.
Error,25/07/2011 12:07:41 AM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,25/07/2011 12:07:40 AM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,25/07/2011 12:07:40 AM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,25/07/2011 12:03:01 AM,VSS,8224,None,The VSS service is shutting down due to idle timeout.
Information,24/07/2011 10:00:50 PM,McLogEvent,5000,None,"McShield service started. Engine version : 5400.1158 DAT version : 6417.0000 Number of signatures in EXTRA.DAT : None Names of threats that EXTRA.DAT can detect : None"
Information,24/07/2011 9:53:38 PM,Microsoft-Windows-Defrag,258,None,The disk defragmenter successfully completed boot optimization on OS (C:)
Error,24/07/2011 9:44:09 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,24/07/2011 9:41:25 PM,gupdate,0,None,"The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped "
Information,24/07/2011 9:41:19 PM,gupdate,0,None,"The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started "
Information,24/07/2011 9:41:18 PM,gusvc,0,None,"The description for Event ID 0 from source gusvc cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started "
Information,24/07/2011 9:13:32 PM,Windows Error Reporting,1001,None,"Fault bucket 9, type 5 Event Name: NetworkDiagnosticsFrameworkV3 Response: Not available Cab Id: 0 Problem signature: P1: Microsoft P2: AutoConfig Helper Class [1.0] P3: 2 P4: 8008F906 P5: {07D37F7B-FA5E-4443-BDA7-AB107B29AFB9} P6: AutoConfig Helper Class [1.0] P7: {3DED64BC-233B-4ea8-89D6-7DADB3432FCB} P8: netw5s64.sys P9: 13.0.0.107 29/11/2009 P10: Attached files: C:\WINDOWS\System32\NDF\{E6F5A836-6793-4F3D-A82E-9F836477592B}-WER-072420112113.etl These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_6c8aaed6abb0ad298d86b8f8a08bbeb34de4ae_2ac0e105 Analysis symbol: Rechecking for solution: 0 Report Id: 4a1eca0a-b65b-11e0-8ef1-005056c00008 Report Status: 0"
Information,24/07/2011 9:13:28 PM,Windows Error Reporting,1001,None,"Fault bucket 7968693, type 4 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: WLANExt.exe P2: 6.1.7600.16385 P3: 4a5bcc33 P4: msvcrt.dll P5: 7.0.7600.16385 P6: 4a5bdfbe P7: 40000015 P8: 000000000002aa8e P9: P10: Attached files: C:\WINDOWS\Temp\WER97F5.tmp.appcompat.txt C:\WINDOWS\Temp\WER9853.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WER9873.tmp.hdmp C:\WINDOWS\Temp\WER9C5B.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_WLANExt.exe_52ef47a1dc572c89e0206ac510ed1ee393dc736_2bd0d468 Analysis symbol: Rechecking for solution: 0 Report Id: 441bb321-b65b-11e0-8ef1-005056c00008 Report Status: 0"
Information,24/07/2011 9:13:24 PM,Windows Error Reporting,1001,None,"Fault bucket , type 0 Event Name: NetworkDiagnosticsFrameworkV3 Response: Not available Cab Id: 0 Problem signature: P1: Microsoft P2: AutoConfig Helper Class [1.0] P3: 2 P4: 8008F906 P5: {07D37F7B-FA5E-4443-BDA7-AB107B29AFB9} P6: AutoConfig Helper Class [1.0] P7: {3DED64BC-233B-4ea8-89D6-7DADB3432FCB} P8: netw5s64.sys P9: 13.0.0.107 29/11/2009 P10: Attached files: C:\WINDOWS\System32\NDF\{E6F5A836-6793-4F3D-A82E-9F836477592B}-WER-072420112113.etl These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_Microsoft_6c8aaed6abb0ad298d86b8f8a08bbeb34de4ae_cab_0e40c1c2 Analysis symbol: Rechecking for solution: 0 Report Id: 4a1eca0a-b65b-11e0-8ef1-005056c00008 Report Status: 4"
Information,24/07/2011 9:13:14 PM,Windows Error Reporting,1001,None,"Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: WLANExt.exe P2: 6.1.7600.16385 P3: 4a5bcc33 P4: msvcrt.dll P5: 7.0.7600.16385 P6: 4a5bdfbe P7: 40000015 P8: 000000000002aa8e P9: P10: Attached files: C:\WINDOWS\Temp\WER97F5.tmp.appcompat.txt C:\WINDOWS\Temp\WER9853.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WER9873.tmp.hdmp C:\WINDOWS\Temp\WER9C5B.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_WLANExt.exe_52ef47a1dc572c89e0206ac510ed1ee393dc736_cab_0c209d23 Analysis symbol: Rechecking for solution: 0 Report Id: 441bb321-b65b-11e0-8ef1-005056c00008 Report Status: 4"
Error,24/07/2011 9:13:13 PM,Application Error,1000,(100),"Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7600.16385, time stamp: 0x4a5bdfbe Exception code: 0x40000015 Fault offset: 0x000000000002aa8e Faulting process id: 0x1bf8 Faulting application start time: 0x01cc4a680152e2a0 Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: 441bb321-b65b-11e0-8ef1-005056c00008"
Error,24/07/2011 9:12:56 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,24/07/2011 8:06:21 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,24/07/2011 8:05:06 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Information,24/07/2011 8:04:59 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command
Warning,24/07/2011 8:04:42 PM,Google Update,20,None,"The description for Event ID 20 from source Google Update cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://tools.google.com/service/update2 Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. "
Warning,24/07/2011 8:04:33 PM,Google Update,20,None,"The description for Event ID 20 from source Google Update cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://tools.google.com/service/update2 Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80040801. Http status code 0. trying WinHTTP. Send request returned 0x80040801. Http status code 0. trying CUP:iexplore. Send request returned 0x80040801. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. "
Information,24/07/2011 8:04:03 PM,Fast Access,1,Password used for authentication,User kPrismH\Horia password used for authentication. picid=0724200358314_g_00000_72.x
Information,24/07/2011 8:03:58 PM,Fast Access,1,Biometric data updated,User kPrismH\Horia biometric data updated.
Error,24/07/2011 8:03:53 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,24/07/2011 8:03:53 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,24/07/2011 8:03:52 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,24/07/2011 7:49:17 PM,Windows Backup,4103,None,The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
Information,24/07/2011 7:49:16 PM,Windows Backup,4097,None,Backup has started. Backup location: E:\.
Error,24/07/2011 7:49:15 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,24/07/2011 7:49:14 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,24/07/2011 7:49:14 PM,Outlook,32,None,The store C:\Users\Horia\AppData\Local\Microsoft\Outlook\kPrism.pst has detected a catalog checkpoint.
Error,24/07/2011 7:49:14 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Information,24/07/2011 7:49:09 PM,Outlook,32,None,The store C:\Users\Horia\AppData\Local\Microsoft\Outlook\archive.pst has detected a catalog checkpoint.
Information,24/07/2011 7:49:09 PM,Outlook,32,None,The store C:\Users\Horia\AppData\Local\Microsoft\Outlook\Outlook.pst has detected a catalog checkpoint.
Warning,24/07/2011 1:30:23 AM,Google Update,20,None,"The description for Event ID 20 from source Google Update cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://tools.google.com/service/update2 Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. "
Error,24/07/2011 1:00:01 AM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,24/07/2011 1:00:00 AM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Warning,24/07/2011 12:57:20 AM,Google Update,20,None,"The description for Event ID 20 from source Google Update cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://tools.google.com/service/update2 Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. "
Warning,24/07/2011 12:30:20 AM,Google Update,20,None,"The description for Event ID 20 from source Google Update cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://tools.google.com/service/update2 Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. "
Information,24/07/2011 12:16:06 AM,VSS,8224,None,The VSS service is shutting down due to idle timeout.
Warning,23/07/2011 11:57:20 PM,Google Update,20,None,"The description for Event ID 20 from source Google Update cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://tools.google.com/service/update2 Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. "
Error,23/07/2011 11:31:30 PM,SideBySide,35,None,"Activation context generation failed for ""C:\Program Files (x86)\Sony\Media Go\MediaGo.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST"" on line 3. Component identity found in manifest does not match the identity of the component requested. Reference is Sony.Mrs,processorArchitecture=""AMD64"",type=""win32"",version=""2.2.0.0"". Definition is Sony.Mrs,processorArchitecture=""x86"",type=""win32"",version=""2.2.0.0"". Please use sxstrace.exe for detailed diagnosis."
Error,23/07/2011 11:31:14 PM,SideBySide,59,None,"Activation context generation failed for ""C:\Program Files (x86)\Sparx Systems\EA\SSInvoke.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sparx Systems\EA\SSInvoke.exe"" on line 21. Invalid Xml syntax."
Error,23/07/2011 11:31:14 PM,SideBySide,59,None,"Activation context generation failed for ""C:\Program Files (x86)\Sparx Systems\EA Trial\SSInvoke.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sparx Systems\EA Trial\SSInvoke.exe"" on line 21. Invalid Xml syntax."
Warning,23/07/2011 11:30:20 PM,Google Update,20,None,"The description for Event ID 20 from source Google Update cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://tools.google.com/service/update2 Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. "
Warning,23/07/2011 10:57:30 PM,Google Update,20,None,"The description for Event ID 20 from source Google Update cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://tools.google.com/service/update2 Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. "
Error,23/07/2011 10:53:42 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,23/07/2011 10:52:53 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,23/07/2011 10:52:42 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyToken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis."
Error,23/07/2011 10:45:25 PM,SideBySide,35,None,"Activation context generation failed for ""C:\Program Files (x86)\Sony\Media Go\MediaGo.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST"" on line 3. Component identity found in manifest does not match the identity of the component requested.
Reference is Sony.Mrs,processorArchitecture=""AMD64"",type=""win32"",version=""2.2.0.0"". Definition is Sony.Mrs,processorArchitecture=""x86"",type=""win32"",version=""2.2.0.0"". Please use sxstrace.exe for detailed diagnosis." Error,23/07/2011 10:43:14 PM,SideBySide,59,None,"Activation context generation failed for ""C:\Program Files (x86)\Sparx Systems\EA\SSInvoke.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sparx Systems\EA\SSInvoke.exe"" on line 21. Invalid Xml syntax." Error,23/07/2011 10:43:14 PM,SideBySide,59,None,"Activation context generation failed for ""C:\Program Files (x86)\Sparx Systems\EA Trial\SSInvoke.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sparx Systems\EA Trial\SSInvoke.exe"" on line 21. Invalid Xml syntax." Warning,23/07/2011 10:29:52 PM,Google Update,20,None,"The description for Event ID 20 from source Google Update cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://tools.google.com/service/update2 Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. 
Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. " Error,23/07/2011 10:25:01 PM,SideBySide,59,None,"Activation context generation failed for ""C:\Program Files (x86)\Sparx Systems\EA\SSInvoke.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sparx Systems\EA\SSInvoke.exe"" on line 21. Invalid Xml syntax." Error,23/07/2011 10:25:01 PM,SideBySide,59,None,"Activation context generation failed for ""C:\Program Files (x86)\Sparx Systems\EA Trial\SSInvoke.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sparx Systems\EA Trial\SSInvoke.exe"" on line 21. Invalid Xml syntax." Warning,23/07/2011 9:56:52 PM,Google Update,20,None,"The description for Event ID 20 from source Google Update cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://tools.google.com/service/update2 Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. 
Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. " Error,23/07/2011 9:46:02 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,23/07/2011 9:45:21 PM,VSS,8224,None,The VSS service is shutting down due to idle timeout. Error,23/07/2011 9:44:22 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,23/07/2011 9:43:41 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,23/07/2011 9:43:31 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Warning,23/07/2011 9:43:12 PM,Google Update,20,None,"The description for Event ID 20 from source Google Update cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://tools.google.com/service/update2 Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. 
Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. " Information,23/07/2011 9:42:38 PM,Fast Access,1,Password used for authentication,User kPrismH\Horia password used for authentication. picid=0723214230768_p_00000_00.x picid=0723214231673_g_00000_21.x Information,23/07/2011 9:42:31 PM,Fast Access,1,Biometric data updated,User kPrismH\Horia biometric data updated. Warning,23/07/2011 9:42:28 PM,Google Update,20,None,"The description for Event ID 20 from source Google Update cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://tools.google.com/service/update2 Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status trying WinHTTP. Send request returned 0x80072ee7. Http status trying CUP:iexplore. Send request returned 0x80040801. Http status Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. 
Send request returned 0x80040801. Http status trying WinHTTP. Send request returned 0x80040801. Http status trying CUP:iexplore. Send request returned 0x80040801. Http status Trying config: source=IE, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status trying WinHTTP. Send request returned 0x80072ee7. Http status trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. code 0. code 0. code 0. code 0. code 0. code 0. code 0. code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. " Information,23/07/2011 9:41:55 PM,gupdate,0,None,"The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped " Information,23/07/2011 9:41:49 PM,gupdate,0,None,"The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Error,23/07/2011 9:41:45 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." 
Information,23/07/2011 9:41:44 PM,gusvc,0,None,"The description for Event ID 0 from source gusvc cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service started " Error,23/07/2011 9:41:41 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,23/07/2011 9:41:40 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,23/07/2011 9:41:38 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,23/07/2011 5:28:37 PM,Outlook,32,None,The store C:\Users\Horia\AppData\Local\Microsoft\Outlook\kPrism.pst has detected a catalog checkpoint. Information,23/07/2011 5:28:37 PM,Outlook,32,None,The store C:\Users\Horia\AppData\Local\Microsoft\Outlook\Outlook.pst has detected a catalog checkpoint. Error,23/07/2011 5:28:36 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". 
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,23/07/2011 5:28:36 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,23/07/2011 5:28:32 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,23/07/2011 5:28:32 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,23/07/2011 5:28:31 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,23/07/2011 5:28:31 PM,Outlook,32,None,The store C:\Users\Horia\AppData\Local\Microsoft\Outlook\archive.pst has detected a catalog checkpoint. Error,22/07/2011 11:00:02 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". 
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,22/07/2011 7:59:24 PM,VSS,8224,None,The VSS service is shutting down due to idle timeout. Error,22/07/2011 7:56:24 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,22/07/2011 7:14:49 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,22/07/2011 7:14:40 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,22/07/2011 7:13:45 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Error,22/07/2011 7:13:39 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,22/07/2011 7:13:38 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,22/07/2011 7:13:02 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Error,22/07/2011 7:12:55 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." 
Information,22/07/2011 7:12:55 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,22/07/2011 7:12:52 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,22/07/2011 7:12:44 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,22/07/2011 7:11:51 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,22/07/2011 7:11:43 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Error,22/07/2011 7:04:30 PM,SideBySide,35,None,"Activation context generation failed for ""C:\Program Files (x86)\Sony\Media Go\MediaGo.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST"" on line 3. Component identity found in manifest does not match the identity of the component requested. Reference is Sony.Mrs,processorArchitecture=""AMD64"",type=""win32"",version=""2.2.0.0"". Definition is Sony.Mrs,processorArchitecture=""x86"",type=""win32"",version=""2.2.0.0"". Please use sxstrace.exe for detailed diagnosis." Error,22/07/2011 7:04:18 PM,SideBySide,35,None,"Activation context generation failed for ""C:\Program Files (x86)\Sony\Media Go\MediaGo.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST"" on line 3. Component identity found in manifest does not match the identity of the component requested. Reference is Sony.Mrs,processorArchitecture=""AMD64"",type=""win32"",version=""2.2.0.0"". Definition is Sony.Mrs,processorArchitecture=""x86"",type=""win32"",version=""2.2.0.0"". Please use sxstrace.exe for detailed diagnosis." Error,22/07/2011 7:01:59 PM,SideBySide,35,None,"Activation context generation failed for ""C:\Program Files (x86)\Sony\Media Go\MediaGo.exe"".Error in manifest or policy file ""C:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST"" on line 3. Component identity found in manifest does not match the identity of the component requested. 
Reference is Sony.Mrs,processorArchitecture=""AMD64"",type=""win32"",version=""2.2.0.0"". Definition is Sony.Mrs,processorArchitecture=""x86"",type=""win32"",version=""2.2.0.0"". Please use sxstrace.exe for detailed diagnosis." Error,22/07/2011 6:55:08 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,22/07/2011 6:53:15 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,22/07/2011 6:53:06 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,22/07/2011 6:52:10 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,22/07/2011 6:52:03 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Error,22/07/2011 6:51:10 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,22/07/2011 6:50:39 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,22/07/2011 6:41:57 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". 
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,22/07/2011 6:41:57 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Error,22/07/2011 6:41:56 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,22/07/2011 6:32:03 PM,Windows Error Reporting,1001,None,"Fault bucket 452704182, type 5 Event Name: ScriptedDiagFailure Response: Not available Cab Id: 0 Problem signature: P1: Microsoft Windows.NetworkDiagnostics.1.0 P2: Default P3: 1.0.0.0 P4: Default P5: P6: P7: P8: P9: P10: Attached files: C:\Users\Horia\AppData\Local\Temp\msdt\_0983570E-30B8-4CF1-BB4A279D51FBDB4D_\Pkg1BDA.cab These files may be available here: C:\Users\Horia\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_ Microsoft Window_bd5996727e9ea1acda90841fa2c99a88df4fb9d6_10544347 Analysis symbol: Rechecking for solution: 0 Report Id: 65807312-b4b2-11e0-8ef1-005056c00008 Report Status: 0" Information,22/07/2011 6:31:53 PM,Windows Error Reporting,1001,None,"Fault bucket , type 0 Event Name: ScriptedDiagFailure Response: Not available Cab Id: 0 Problem signature: P1: Microsoft Windows.NetworkDiagnostics.1.0 P2: Default P3: 1.0.0.0 P4: Default P5: P6: P7: P8: P9: P10: Attached files: 
C:\Users\Horia\AppData\Local\Temp\msdt\_0983570E-30B8-4CF1-BB4A279D51FBDB4D_\Pkg1BDA.cab These files may be available here: C:\Users\Horia\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Mi crosoft Window_bd5996727e9ea1acda90841fa2c99a88df4fb9d6_cab_1b881c76 Analysis symbol: Rechecking for solution: 0 Report Id: 65807312-b4b2-11e0-8ef1-005056c00008 Report Status: 4" Error,22/07/2011 6:31:46 PM,SideBySide,33,None,"Activation context generation failed for ""C:\Windows\system32\conhost.exe"". Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture=""amd64"",publicKeyT oken=""6595b64144ccf1df"",type=""win32"",version=""6.0.7600.16823"" could not be found. Please use sxstrace.exe for detailed diagnosis." Information,22/07/2011 5:55:25 PM,MsiInstaller,1033,None,Windows Installer installed the product. Product Name: Junos Pulse. Product Version: 2.0.11013. Product Language: 1033. Manufacturer: Juniper Networks. Installation success or error status: 1603. Information,22/07/2011 5:55:25 PM,MsiInstaller,11708,None,Product: Junos Pulse -- Installation operation failed. 
Information,22/07/2011 5:51:18 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,22/07/2011 5:51:12 PM,Fast Access,1,FastAccess Disabled,FastAccess Disabled due to Command Information,22/07/2011 5:50:16 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,22/07/2011 5:50:10 PM,Fast Access,1,FastAccess Enabled,FastAccess Enabled due to Command Information,22/07/2011 5:40:51 PM,Windows Error Reporting,1001,None,"Fault bucket 7968693, type 4 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: WLANExt.exe P2: 6.1.7600.16385 P3: 4a5bcc33 P4: msvcrt.dll P5: 7.0.7600.16385 P6: 4a5bdfbe P7: 40000015 P8: 000000000002aa8e P9: P10: Attached files: C:\WINDOWS\Temp\WERB46F.tmp.appcompat.txt C:\WINDOWS\Temp\WERB490.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WERB4B0.tmp.hdmp C:\WINDOWS\Temp\WERB6A4.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_WLANExt.exe_52ef4 7a1dc572c89e0206ac510ed1ee393dc736_044d63a2 Analysis symbol: Rechecking for solution: 0 Report Id: 55020554-b4a9-11e0-8ef1-005056c00008 Report Status: 0" Information,22/07/2011 5:40:41 PM,Windows Error Reporting,1001,None,"Fault bucket 22665803, type 4 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: svchost.exe P2: 6.1.7600.16385 P3: 4a5bc3c1 P4: ole32.dll P5: 6.1.7600.16624 P6: 4c2984e3 P7: c0000005 P8: 00000000000324aa P9: P10: Attached files: C:\WINDOWS\Temp\WER333F.tmp.appcompat.txt C:\WINDOWS\Temp\WER3350.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WER3351.tmp.hdmp C:\WINDOWS\Temp\WER33A0.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_svchost.exe_535bc e948c7b321db07149b1a31be97e52c64bc6_044d3d2e Analysis symbol: Rechecking for solution: 0 Report Id: 2c8ed303-b4a9-11e0-a789-005056c00008 Report Status: 0" Information,22/07/2011 5:40:31 PM,Windows Error Reporting,1001,None,"Fault bucket 
8741692, type 4 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: EvtEng.exe P2: 13.0.0.0 P3: 4ab80b1f P4: EvtEng.exe P5: 13.0.0.0 P6: 4ab80b1f P7: 40000015 P8: 00000000000c06ae P9: P10: Attached files: C:\WINDOWS\Temp\WERA69A.tmp.appcompat.txt C:\WINDOWS\Temp\WERAA34.tmp.WERInternalMetadata.xml C:\WINDOWS\Temp\WERAA35.tmp.hdmp C:\WINDOWS\Temp\WERAB5E.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_EvtEng.exe_d24eff 3b33562b4f23974f82f7744f564ea28bf5_044d168c Analysis symbol: Rechecking for solution: 0 Report Id: 52e2edf0-b4a9-11e0-8ef1-005056c00008 Report Status: 0" Information,22/07/2011 5:36:48 PM,VSS,8224,None,The VSS service is shutting down due to idle timeout. Information,22/07/2011 5:36:34 PM,Microsoft-WindowsRestartManager,10001,None,Ending session 0 started 2011-0722T21:32:41.617878600Z. Information,22/07/2011 5:36:34 PM,MsiInstaller,1042,None,Ending a Windows Installer transaction: C:\Users\Horia\AppData\Local\Temp\Temp1_j-pulse-win-2 0r3-b11013-64bitinstaller (2).zip\j-pulse-win-2.0r3-b1101364bitinstaller.msi. Client Process Id: 7652. Information,22/07/2011 5:34:24 PM,Microsoft-Windows-SecuritySPP,903,None,"The Software Protection service has stopped. " Information,22/07/2011 5:33:42 PM,VSS,8220,None,Ran out of time while deleting files. Operation: OnPostSnapshot event PostSnapshot Event Context: Execution Context: Shadow Copy Optimization Writer Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {2f9f3c78-3c45-425e-aa61-f0f3d2c3e707} Information,22/07/2011 5:33:10 PM,VSS,8219,None,Ran out of time while expanding file specification \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\Windows\softwaredistribution \*.*. This was being done for the WUA subscriber. 
Operation: OnPostSnapshot event PostSnapshot Event Context: Execution Context: Shadow Copy Optimization Writer Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {2f9f3c78-3c45-425e-aa61-f0f3d2c3e707} Information,22/07/2011 5:33:10 PM,VSS,8219,None,Ran out of time while expanding file specification \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\Windows\softwaredistribution \Download\*.*. This was being done for the WUA subscriber. Operation: OnPostSnapshot event PostSnapshot Event Context: Execution Context: Shadow Copy Optimization Writer Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {2f9f3c78-3c45-425e-aa61-f0f3d2c3e707} Information,22/07/2011 5:33:10 PM,VSS,8219,None,Ran out of time while expanding file specification \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\Windows\softwaredistribution \Download\488053cdbca3231eeb2c2af7236d09ed\*.*. This was being done for the WUA subscriber. Operation: OnPostSnapshot event PostSnapshot Event Context: Execution Context: Shadow Copy Optimization Writer Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {2f9f3c78-3c45-425e-aa61-f0f3d2c3e707} Information,22/07/2011 5:32:41 PM,Microsoft-WindowsRestartManager,10000,None,Starting session 0 - 2011-0722T21:32:41.617878600Z. Information,22/07/2011 5:32:33 PM,System Restore,8194,None,Successfully created restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Junos Pulse.). Information,22/07/2011 5:32:07 PM,MsiInstaller,1040,None,Beginning a Windows Installer transaction: C:\Users\Horia\AppData\Local\Temp\Temp1_j-pulse-win-2 0r3-b11013-64bitinstaller (2).zip\j-pulse-win-2.0r3-b1101364bitinstaller.msi. Client Process Id: 7652. 
Information,22/07/2011 5:29:40 PM,gupdate,0,None,"The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: Service stopped "
Information,22/07/2011 5:29:23 PM,Microsoft-Windows-Security-SPP,902,None,"The Software Protection service has started. 6.1.7600.16385"
Information,22/07/2011 5:29:23 PM,Microsoft-Windows-Security-SPP,1003,None,"The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status= 1: 022a1afb-b893-4190-92c3-8f69a49839fb, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )] 2: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8, 1, 1 [(0 [0x00000000, 1, 0], [(?)(?)( 1 0x00000000 0 0 msft

Security_Events
Level Date and Time Source Event ID Task Category
Information 25/07/2011 16:58 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: Privileges: SYSTEM SYSTEM NT AUTHORITY 0x3e7 SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege"
Information 25/07/2011 16:58 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on.
Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Logon SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2fc C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:49 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.
Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege"
Information 25/07/2011 16:49 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Logon SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2fc C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:48 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege"
Information 25/07/2011 16:48 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2fc C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Logon Package Name (NTLM only): Key Length: 0 - This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e.
the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:45 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: kPrismH\__vmware_user__ __vmware_user__ kPrismH 0x2020f3 {00000000-0000-0000-0000-000000000000} SYSTEM KPRISMH$ WORKGROUP Process Information: Process ID: 0xc64 Process Name: C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe Network Information: Workstation Name: KPRISMH Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:45 Microsoft-Windows-Security-Auditing 4648 Logon "A logon was attempted using explicit credentials. Subject: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: SYSTEM KPRISMH$ WORKGROUP 0x3e7 {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: __vmware_user__ Account Domain: kPrismH Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xc64 Process Name: C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe Network Information: Network Address: Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command."
Information 25/07/2011 16:45 Microsoft-Windows-Security-Auditing 4724 User Account Management "An attempt was made to reset an account's password. Subject: Security ID: Account Name: SYSTEM KPRISMH$ Account Domain: Logon ID: WORKGROUP 0x3e7 Target Account: Security ID: kPrismH\__vmware_user__ Account Name: __vmware_user__ Account Domain: kPrismH"
Information 25/07/2011 16:45 Microsoft-Windows-Security-Auditing 4738 Account Management "A user account was changed.
Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM KPRISMH$ WORKGROUP 0x3e7 Target Account: Security ID: Account Name: Account Domain: kPrismH\__vmware_user__ __vmware_user__ kPrismH Changed Attributes: SAM Account Name: __vmware_user__ Display Name: __vmware_user__ User Principal Name: Home Directory: <value not set> Home Drive: <value not set> Script Path: <value not set> Profile Path: <value not set> User Workstations: <value not set> Password Last Set: 25/07/2011 4:45:55 PM Account Expires: <never> Primary Group ID: 513 AllowedToDelegateTo: Old UAC Value: 0x10 New UAC Value: 0x10 User Account Control: User Parameters: SID History: Logon Hours: All Additional Information: Privileges: -"
Information 25/07/2011 16:45 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: Privileges: SYSTEM SYSTEM NT AUTHORITY 0x3e7 SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" User
Information 25/07/2011 16:45 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Logon SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2fc C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:45 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege"
Information 25/07/2011 16:45 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on.
Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Logon SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2fc C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:45 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.
Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege"
Information 25/07/2011 16:45 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2fc C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Logon Package Name (NTLM only): Key Length: 0 - This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:45 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege"
Information 25/07/2011 16:45 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY Logon Logon ID: Logon GUID: Process Information: Process ID: Process Name: 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2fc C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 6406 Other System Events "McAfee Personal Firewall registered to Windows Firewall to control filtering for the following: BootTimeRuleCategory, FirewallRuleCategory."
Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4634 Logoff "An account was logged off. Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x60301 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer."
Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4634 Logoff "An account was logged off. Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x60366 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer."
Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.
Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x60301 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege"
Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: kPrismH\Horia Horia kPrismH 0x60366 {00000000-0000-0000-0000-000000000000} Process Information: Process ID: Process Name: Access\FAService.exe Logon SYSTEM KPRISMH$ WORKGROUP 0x404 C:\Program Files (x86)\Sensible Vision\Fast Network Information: Workstation Name: KPRISMH Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: kPrismH\Horia Horia kPrismH 0x60301 {00000000-0000-0000-0000-000000000000} Process Information: Process ID: Process Name: Access\FAService.exe 0x404 SYSTEM KPRISMH$ WORKGROUP C:\Program Files (x86)\Sensible Vision\Fast Network Information: Workstation Name: KPRISMH Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4648 Logon "A logon was attempted using explicit credentials. Subject: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: SYSTEM KPRISMH$ WORKGROUP 0x3e7 {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Horia Account Domain: kPrismH Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: Process Name: Access\FAService.exe Network Information: Network Address: Port: 0x404 C:\Program Files (x86)\Sensible Vision\Fast - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command."
Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: Account Name: NULL SID - Account Domain: Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: ANONYMOUS LOGON ANONYMOUS LOGON NT AUTHORITY 0x5f03e {00000000-0000-0000-0000-000000000000} Process Information: Process ID: Process Name: 0x0 - Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: Privileges: kPrismH\Horia Horia kPrismH 0x58e88 SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege"
Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on.
Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: kPrismH\Horia Horia kPrismH 0x58eb2 {00000000-0000-0000-0000-000000000000} Process Information: Process ID: Process Name: Logon SYSTEM KPRISMH$ WORKGROUP 0x364 C:\WINDOWS\System32\winlogon.exe Network Information: Workstation Name: KPRISMH Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.
Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: kPrismH\Horia Horia kPrismH 0x58e88 {00000000-0000-0000-0000-000000000000} Process Information: Process ID: Process Name: SYSTEM KPRISMH$ WORKGROUP 0x364 C:\WINDOWS\System32\winlogon.exe Network Information: Workstation Name: KPRISMH Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested."
Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4648 "A logon was attempted using explicit credentials.
Subject: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Logon SYSTEM KPRISMH$ WORKGROUP 0x3e7 {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Horia Account Domain: kPrismH Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: Process Name: Network Information: Network Address: Port: 0x364 C:\WINDOWS\System32\winlogon.exe 127.0.0.1 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command." Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: SYSTEM KPRISMH$ WORKGROUP SYSTEM Logon Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2fc C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. 
It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. 
Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. 
Subject: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 5024 Other System Events The Windows Firewall service started successfully. Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 5033 Other System Events The Windows Firewall Driver started successfully. Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. 
This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 5056 System Integrity "A cryptographic self test was performed. Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Module: ncrypt.dll Return Code: 0x0" Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. 
Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. 
Subject: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: LOCAL SERVICE Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: LOCAL SERVICE Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. 
Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: NETWORK SERVICE Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: NETWORK SERVICE Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. 
The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. 
Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2fc Process Name: C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4902 Audit Policy Change "The Per-user audit policy table was created. 
Number of Elements: 0 Policy ID: 0x2f7fd" Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Authentication Package: Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:44 Microsoft-Windows-Security-Auditing 4608 Security State Change "Windows is starting up. 
This event is logged when LSASS.EXE starts and the auditing subsystem is initialized." Information 25/07/2011 16:43 Microsoft-Windows-Security-Auditing 4647 Logoff "User initiated logoff: Subject: Security ID: kPrismH\Horia Account Name: Horia Account Domain: kPrismH Logon ID: 0x5d2ba This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event." Information 25/07/2011 16:43 Microsoft-Windows-Eventlog 1100 Service shutdown The event logging service has shut down. Information 25/07/2011 16:43 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:43 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f4 Process Name: C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. 
This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:24 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:24 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. 
Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f4 Process Name: C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:22 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. 
Subject: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:22 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2f4 Process Name: C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:20 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: SYSTEM Account Name: KPRISMH$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: kPrismH\__vmware_user__ Account Name: __vmware_user__ Account Domain: kPrismH Logon ID: 0x2b5036 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xc98 Process Name: C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe Network Information: Workstation Name: KPRISMH Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:20 Microsoft-Windows-Security-Auditing 4648 Logon "A logon was attempted using explicit credentials. Subject: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: SYSTEM KPRISMH$ WORKGROUP 0x3e7 {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: __vmware_user__ Account Domain: kPrismH Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xc98 Process Name: C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe Network Information: Network Address: Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command." Information 25/07/2011 16:20 Microsoft-Windows-Security-Auditing 4724 User Account Management "An attempt was made to reset an account's password. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM KPRISMH$ WORKGROUP 0x3e7 Target Account: Security ID: kPrismH\__vmware_user__ Account Name: __vmware_user__ Account Domain: kPrismH" Information 25/07/2011 16:20 Microsoft-Windows-Security-Auditing 4738 Account Management "A user account was changed. 
Subject: Security ID: Account Name: Account Domain: Logon ID: Target Account: Security ID: Account Name: Account Domain: SYSTEM KPRISMH$ WORKGROUP 0x3e7 kPrismH\__vmware_user__ __vmware_user__ kPrismH Changed Attributes: SAM Account Name: __vmware_user__ Display Name: __vmware_user__ User Principal Name: Home Directory: <value not set> Home Drive: <value not set> Script Path: <value not set> Profile Path: <value not set> User Workstations: <value not set> Password Last Set: 25/07/2011 4:20:43 PM Account Expires: <never> Primary Group ID: 513 AllowedToDelegateTo: Old UAC Value: 0x10 New UAC Value: 0x10 User Account Control: User Parameters: SID History: Logon Hours: All User Additional Information: Privileges: -" Information 25/07/2011 16:20 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:20 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Logon SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. 
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. 
Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: - Logon Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. 
Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM KPRISMH$ WORKGROUP 0x3e7 Logon Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: Privileges: SYSTEM SYSTEM NT AUTHORITY 0x3e7 SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Logon SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. 
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 6406 Other System Events "McAfee Personal Firewall registered to Windows Firewall to control filtering for the following: BootTimeRuleCategory, FirewallRuleCategory." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: ANONYMOUS LOGON ANONYMOUS LOGON NT AUTHORITY 0x78dbd {00000000-0000-0000-0000-000000000000} Process Information: Process ID: Process Name: NULL SID - 0x0 - Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: Package Name (NTLM only): NTLM V1 Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). 
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4634 Logoff "An account was logged off. Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x62bc6 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4634 Logoff "An account was logged off. Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x62c07 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. 
Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x62bc6 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: Account Name: Account Domain: SYSTEM KPRISMH$ WORKGROUP kPrismH\Horia Horia kPrismH Logon Logon ID: Logon GUID: Process Information: Process ID: Process Name: Access\FAService.exe 0x62c07 {00000000-0000-0000-0000-000000000000} 0x410 C:\Program Files (x86)\Sensible Vision\Fast Network Information: Workstation Name: KPRISMH Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: kPrismH\Horia Horia kPrismH 0x62bc6 {00000000-0000-0000-0000-000000000000} SYSTEM KPRISMH$ WORKGROUP Process Information: Process ID: Process Name: Access\FAService.exe 0x410 C:\Program Files (x86)\Sensible Vision\Fast Network Information: Workstation Name: KPRISMH Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4648 Logon "A logon was attempted using explicit credentials. Subject: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: SYSTEM KPRISMH$ WORKGROUP 0x3e7 {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Horia Account Domain: kPrismH Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x410 Process Name: Access\FAService.exe Network Information: Network Address: Port: C:\Program Files (x86)\Sensible Vision\Fast - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x5d299 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. 
Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: kPrismH\Horia Horia kPrismH 0x5d2ba {00000000-0000-0000-0000-000000000000} Process Information: Process ID: Process Name: 0x3f8 Logon SYSTEM KPRISMH$ WORKGROUP C:\WINDOWS\System32\winlogon.exe Network Information: Workstation Name: KPRISMH Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. 
Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: kPrismH\Horia Horia kPrismH 0x5d299 {00000000-0000-0000-0000-000000000000} Process Information: Process ID: Process Name: SYSTEM KPRISMH$ WORKGROUP 0x3f8 C:\WINDOWS\System32\winlogon.exe Network Information: Workstation Name: KPRISMH Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4648 Logon "A logon was attempted using explicit credentials. 
Subject: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: SYSTEM KPRISMH$ WORKGROUP 0x3e7 {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Horia Account Domain: kPrismH Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: Process Name: Network Information: Network Address: Port: 0x3f8 C:\WINDOWS\System32\winlogon.exe 127.0.0.1 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: Privileges: SYSTEM SYSTEM NT AUTHORITY 0x3e7 SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Logon SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. 
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. 
Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Logon SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. 
Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Network Information: Workstation Name: SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Logon Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 5024 Other System Events The Windows Firewall service started successfully. Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 5033 Other System Events The Windows Firewall Driver started successfully. Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Logon Security ID: Account Name: Account Domain: Logon ID: Logon Type: New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: SYSTEM KPRISMH$ WORKGROUP 0x3e7 5 SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. 
This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 5056 System Integrity "A cryptographic self test was performed. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM KPRISMH$ WORKGROUP 0x3e7 Module: ncrypt.dll Return Code: 0x0" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. 
Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Logon SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. 
Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM SYSTEM NT AUTHORITY 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Network Information: Workstation Name: SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Logon Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: LOCAL SERVICE LOCAL SERVICE NT AUTHORITY 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: SYSTEM KPRISMH$ WORKGROUP LOCAL SERVICE LOCAL SERVICE NT AUTHORITY 0x3e5 Logon Logon GUID: Process Information: Process ID: Process Name: {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. 
Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: NETWORK SERVICE NETWORK SERVICE NT AUTHORITY 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: SYSTEM KPRISMH$ WORKGROUP 0x3e7 Logon Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: NETWORK SERVICE NETWORK SERVICE NT AUTHORITY 0x3e4 {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. 
The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: Privileges: SYSTEM SYSTEM NT AUTHORITY 0x3e7 SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. 
Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Logon SYSTEM KPRISMH$ WORKGROUP SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x2f4 C:\WINDOWS\System32\services.exe Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4902 Audit Policy Change "The Per-user audit policy table was created. 
Number of Elements: 0 Policy ID: 0x2f869" Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Process Information: Process ID: Process Name: Logon NULL SID - SYSTEM SYSTEM NT AUTHORITY 0x3e7 {00000000-0000-0000-0000-000000000000} 0x4 Network Information: Workstation Name: Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Authentication Package: Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 16:19 Microsoft-Windows-Security-Auditing 4608 Security State Change "Windows is starting up. 
This event is logged when LSASS.EXE starts and the auditing subsystem is initialized." Information 25/07/2011 16:18 Microsoft-Windows-Eventlog 1100 Service shutdown The event logging service has shut down. Information 25/07/2011 16:18 Microsoft-Windows-Security-Auditing 4647 Logoff "User initiated logoff: Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x149a8f This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event." Information 25/07/2011 9:56 Microsoft-Windows-Security-Auditing 4634 Logoff "An account was logged off. Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x10ab6df3 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer." Information 25/07/2011 9:56 Microsoft-Windows-Security-Auditing 4634 Logoff "An account was logged off. Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x10ab6e8e Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer." Information 25/07/2011 9:56 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. Subject: Security ID: Account Name: Account Domain: Logon ID: Privileges: kPrismH\Horia Horia kPrismH 0x10ab6df3 SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 9:56 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. 
Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: kPrismH\Horia Horia kPrismH 0x10ab6e8e {00000000-0000-0000-0000-000000000000} Process Information: Process ID: Process Name: Access\FAService.exe Logon SYSTEM KPRISMH$ WORKGROUP 0x2c0 C:\Program Files (x86)\Sensible Vision\Fast Network Information: Workstation Name: KPRISMH Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 9:56 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. 
Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 2 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: kPrismH\Horia Horia kPrismH 0x10ab6df3 {00000000-0000-0000-0000-000000000000} Process Information: Process ID: Process Name: Access\FAService.exe SYSTEM KPRISMH$ WORKGROUP 0x2c0 C:\Program Files (x86)\Sensible Vision\Fast Network Information: Workstation Name: KPRISMH Source Network Address: Source Port: Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 9:56 Microsoft-Windows-Security-Auditing 4648 "A logon was attempted using explicit credentials. 
Subject: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: Logon SYSTEM KPRISMH$ WORKGROUP 0x3e7 {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Horia Account Domain: kPrismH Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: Process Name: Access\FAService.exe Network Information: Network Address: Port: 0x2c0 C:\Program Files (x86)\Sensible Vision\Fast - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command." Information 25/07/2011 9:56 Microsoft-Windows-Security-Auditing 4634 Logoff "An account was logged off. Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x10ab6752 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer." Information 25/07/2011 9:56 Microsoft-Windows-Security-Auditing 4634 Logoff "An account was logged off. Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x10ab677a Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer." Information 25/07/2011 9:56 Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon. 
Subject: Security ID: Account Name: Account Domain: Logon ID: kPrismH\Horia Horia kPrismH 0x10ab6752 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege" Information 25/07/2011 9:56 Microsoft-Windows-Security-Auditing 4624 "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: kPrismH\Horia Horia kPrismH 0x10ab677a {00000000-0000-0000-0000-000000000000} Process Information: Process ID: Process Name: Logon SYSTEM KPRISMH$ WORKGROUP 0x37c C:\WINDOWS\System32\winlogon.exe Network Information: Workstation Name: KPRISMH Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. 
- Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 9:56 Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on. Subject: Security ID: Account Name: Account Domain: Logon ID: 0x3e7 Logon Type: 7 New Logon: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: kPrismH\Horia Horia kPrismH 0x10ab6752 {00000000-0000-0000-0000-000000000000} Process Information: Process ID: Process Name: SYSTEM KPRISMH$ WORKGROUP 0x37c C:\WINDOWS\System32\winlogon.exe Network Information: Workstation Name: KPRISMH Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: Package Name (NTLM only): Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. 
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested." Information 25/07/2011 9:56 Microsoft-Windows-Security-Auditing 4648 Logon "A logon was attempted using explicit credentials. Subject: Security ID: Account Name: Account Domain: Logon ID: Logon GUID: SYSTEM KPRISMH$ WORKGROUP 0x3e7 {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Horia Account Domain: kPrismH Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: Addition localhost